Исследование антивирусов 6

**mayas** · 11.05.2008, 19:44

a-squared 3.5.0.18 2008.05.10 2008-05-10 -
40.542 AhnLab V3 2008.05.09.00 2008.05.09 2008-05-09 -
40.487 AntiVir 7.8.0.17 7.0.4.23 2008-05-09 -
4.003 Arcavir 1.0.4 200805101105 2008-05-10 -
3.343 AVAST! 1.0.8 080510-0 2008-05-10 -
3.061 AVG 7.5.51.442 269.23.15/1426 2008-05-10 -
2.840 BitDefender 7.60825.1191169 7.18939 2008-05-11 Trojan.Patched.BR
4.312 CA (VET) 9.0.0.143 31.4.5772 2008-05-09 -
40.249 ClamAV 0.93 7087 2008-05-11 -
0.072 Comodo 2.11 2.0.0.521 2008-05-11 -
20.153 CP Secure 1.1.0.715 2008.05.11 2008-05-11 -
7.316 Dr.Web 4.44.0.9170 2008.05.10 2008-05-10 -
6.973 ewido 4.0.0.2 2008.05.09 2008-05-09 -
6.702 F-Prot 4.4.1.52 20080510 2008-05-10 -
6.633 F-Secure 5.51.6100 2008.05.10.01 2008-05-10 -
12.418 Fortinet 2.81-3.11 9.65 2008-05-10 Suspicious
13.768 Ikarus T3.1.01.26 2008.05.11.70733 2008-05-11 -
6.619 JiangMin 10.00.650 2008.05.11 2008-05-11 -
12.071 Kaspersky 5.5.10 2008.05.11 2008-05-11 -
32.835 KingSoft 2007.6.20.249 2008.5.7 2008-05-07 -
1.664 McAfee 5.2.00 5292 2008-05-09 -
13.820 Microsoft 1.3408 2008.05.10 2008-05-10 VirTool:Win32/Obfuscator.AX(Suspicious)
8.617 mks_vir 2.01 2008.05.10 2008-05-10 -
18.378 Norman 5.92.06 5.92.00 2008-05-0900:14:51 -
36.136 nProtect 2008-05-02.00 1441206 2008-05-02 Trojan.Patched.BR
6.668 Panda 9.04.03.0001 2008.05.11 2008-05-11 Suspicious file
10.268 Prevx V2 20080511 2008-05-11 TROJAN.DOWNLOADER.GEN
5.197 Quick Heal 9.00 2008.05.10 2008-05-10 Suspicious - DNAScan
3.566 Rising 20.0 20.43.62.00 2008-05-11 Packer.Win32.Agent.d
2.603 Sophos 2.73.0 4.29 2008-05-11 -
12.886 Symantec 1.3.0.24 20080510.006 2008-05-10 -
0.201 The Hacker 6.2.92 v00307 2008-05-10 -
1.356 Trend Micro 8.500-1001 5.270.01 2008-05-09 -
0.044 VBA32 3.12.6.5 20080509.1907 2008-05-09 Malware-Cryptor.Win32.Vserafno
5.312 ViRobot 20080510 2008.05.10 2008-05-10 -
3.600 VirusBuster 4.3.19:9 9.127.13/11.0 2008-05-11 -
4.193

Добавлено через 50 минут
типа новая версия квипа 8060

AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.09 -
Authentium 4.93.8 2008.05.11 -
Avast 4.8.1169.0 2008.05.10 -
AVG 7.5.0.516 2008.05.11 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.10 -
ClamAV 0.92.1 2008.05.11 -
DrWeb 4.44.0.09170 2008.05.10 -
eSafe 7.0.15.0 2008.05.09 -
eTrust-Vet 31.4.5772 2008.05.09 -
Ewido 4.0 2008.05.11 Worm.Lamar.f
F-Prot 4.4.2.54 2008.05.10 -
F-Secure 6.70.13260.0 2008.05.10 IM-Worm.Win32.Lamar.i
Fortinet 3.14.0.0 2008.05.11 -
Ikarus T3.1.1.26.0 2008.05.11 -
Kaspersky 7.0.0.125 2008.05.11 IM-Worm.Win32.Lamar.i
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.11 -
NOD32v2 3090 2008.05.09 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 -
Prevx1 V2 2008.05.11 -
Rising 20.43.62.00 2008.05.11 -
Sophos 4.29.0 2008.05.11 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.11 -
TheHacker 6.2.92.307 2008.05.11 -
VBA32 3.12.6.5 2008.05.11 -
VirusBuster 4.3.26:9 2008.05.10 -
Webwasher-Gateway 6.6.2 2008.05.09 -

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Groft** · 11.05.2008, 21:44

типо еще 1 квип :)

Файл qip.exe получен 2008.05.11 19:42:33 (CET)
Текущий статус: закончено
Результат: 13/31 (41.94%)
Форматированные
Печать результатов Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.11 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.05.11 -
Avast 4.8.1169.0 2008.05.10 Win32:LdPinch-CNU
AVG 7.5.0.516 2008.05.11 Downloader.Agent
BitDefender 7.2 2008.05.08 Trojan.Dropper.RTS
CAT-QuickHeal 9.50 2008.05.10 -
ClamAV 0.92.1 2008.05.11 Trojan.Dropper-6121
DrWeb 4.44.0.09170 2008.05.10 Trojan.DownLoader.59620
eSafe 7.0.15.0 2008.05.09 -
eTrust-Vet 31.4.5772 2008.05.09 -
Ewido 4.0 2008.05.11 -
F-Prot 4.4.2.54 2008.05.10 -
F-Secure 6.70.13260.0 2008.05.10 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.05.11 -
Ikarus T3.1.1.26.0 2008.05.11 Packer.Pohernah.C
Kaspersky 7.0.0.125 2008.05.11 Backdoor.Win32.SdBot.dtu
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.11 VirTool:Win32/Obfuscator.AZ
NOD32v2 3090 2008.05.09 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 Suspicious file
Prevx1 V2 2008.05.11 -
Rising 20.43.62.00 2008.05.11 -
Sophos 4.29.0 2008.05.11 -
Sunbelt 3.0.1097.0 2008.05.07 -
Symantec 10 2008.05.11 -
TheHacker 6.2.92.307 2008.05.11 -
VBA32 3.12.6.5 2008.05.11 suspected of Backdoor.Delf.180 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.11 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 3512125 bytes
MD5...: fd6bc4a89a59bf367564e2305e2d1dfb
SHA1..: 7211d4c1566043aa4cc6ffa9743b2d148a2c5ba2
SHA256: 783ebd45afadba2de570e846770acbac65c2c5d27b4de1880d a61840dbdef70e
SHA512: 4b7079d7607e9edc5623ed20f4bb4b07c9b7cda06992c5cba9 e20b0f6511a08d
eea01ca3687a7a27589e9037da109cf2a5da0468247fa53247 1a4611b5b83c7c
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401059
timedatestamp.....: 0x47e8bd39 (Tue Mar 25 08:52:09 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x200 0x200 6.16 c43ed6876da81358d10503706c2e5b6a
.rsrc 0x2000 0x35933d 0x35933d 6.79 4455f3eb85c1e1c85283a7d394dec146
( 0 imports )
( 0 exports )

http://www.virustotal.com/ru/analisi...048ab05285d753

**Shu_b** · 12.05.2008, 11:37

t 22727

Код:

File braviax.exe received on 05.12.2008 09:29:16 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.10.0	2008.05.10	-
AntiVir	7.8.0.17	2008.05.11	HEUR/Malware
Authentium	4.93.8	2008.05.10	-
Avast	4.8.1169.0	2008.05.11	-
AVG	7.5.0.516	2008.05.11	-
BitDefender	7.2	2008.05.08	-
CAT-QuickHeal	9.50	2008.05.10	-
ClamAV	None	2008.05.12	-
DrWeb	4.44.0.09170	2008.05.12	-
eSafe	7.0.15.0	2008.05.12	-
eTrust-Vet	31.4.5772	2008.05.09	-
Ewido	4.0	2008.05.11	-
F-Prot	4.4.2.54	2008.05.12	-
F-Secure	6.70.13260.0	2008.05.12	W32/Malware
Fortinet	3.14.0.0	2008.05.12	-
Ikarus	T3.1.1.26.0	2008.05.12	-
Kaspersky	7.0.0.125	2008.05.12	Heur.Trojan.Generic
McAfee	5291	2008.05.08	-
Microsoft	1.3408	2008.05.12	-
NOD32v2	3091	2008.05.12	-
Norman	5.80.02	2008.05.09	-
Panda	9.0.0.4	2008.05.11	-
Prevx1	V2	2008.05.12	-
Rising	20.43.62.00	2008.05.11	-
Sophos	4.29.0	2008.05.12	-
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.12	-
TheHacker	6.2.92.307	2008.05.12	-
VBA32	3.12.6.5	2008.05.12	-
VirusBuster	4.3.26:9	2008.05.11	-
Webwasher-Gateway	6.6.2	2008.05.11	Heuristic.Malware
Additional information
File size: 37376 bytes

**Groft** · 13.05.2008, 17:09

Файл opr003SL.exe получен 2008.05.13 15:05:46 (CET)
Текущий статус: закончено
Результат: 8/32 (25%)
Форматированные
Печать результатов Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.05.13 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 Downloader.Zlob.12.AH
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 Suspicious File
eTrust-Vet 31.4.5783 2008.05.12 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 -
F-Secure 6.70.13260.0 2008.05.13 -
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.13 -
Ikarus T3.1.1.26.0 2008.05.13 -
Kaspersky 7.0.0.125 2008.05.13 -
McAfee 5293 2008.05.12 -
Microsoft 1.3408 2008.05.13 Trojan:Win32/Tibs.gen!G
NOD32v2 3095 2008.05.13 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.12 -
Prevx1 V2 2008.05.13 -
Rising 20.44.12.00 2008.05.13 -
Sophos 4.29.0 2008.05.13 Mal/EncPk-DA
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.13 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.13 suspected of Downloader.Zlob.8
VirusBuster 4.3.26:9 2008.05.12 -
Webwasher-Gateway 6.6.2 2008.05.13 Trojan.Crypt.XPACK.Gen
http://www.virustotal.com/ru/analisi...a5dec80d6f5293

**mayas** · 14.05.2008, 19:19

Antivirus Version Last Update Result
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 HEUR/Win32.Virus.Damaged
Authentium 5.1.0.4 2008.05.14 W32/NewUnknownMalware-P74!Maximus
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 Win32/PolyCrypt
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5784 2008.05.13 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 W32/NewUnknownMalware-P74!Maximus
F-Secure 6.70.13260.0 2008.05.13 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.14 -
Ikarus T3.1.1.26.0 2008.05.13 Trojan.MulDrop.4111
Kaspersky 7.0.0.125 2008.05.13 -
McAfee 5293 2008.05.12 -
Microsoft 1.3408 2008.05.13 VirTool:Win32/Obfuscator.AX
NOD32v2 3095 2008.05.13 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.12 -
Rising 20.44.12.00 2008.05.13 -
Sophos 4.29.0 2008.05.13 Sus/UnkPacker
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.13 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.13 -
VirusBuster 4.3.26:9 2008.05.12 -
Webwasher-Gateway 6.6.2 2008.05.13 Heuristic.Win32.Virus.Damaged
Additional information
File size: 595085 bytes
MD5...: 12931f9ad898e6a776a08c66c551365d
SHA1..: ffb8fe5cc11b382af407fcfc70a31de04ced502b
SHA256: a1db3f79a36ba5cb6e6fb9bf2848bc7b704169189d4cdd1132 6c9d5fc73da429
SHA512: 6ddbbc3c951ff22c84fca5d74d86f0ae0c2d3c4613addd6b39 de5e614b18ae75
28b92dd94a3cc2370fa27cac1b9f4401f8722606e7b31bf71b aca166d4b38f50

**ALEX(XX)** · 16.05.2008, 16:17

File autorun.exe received on 05.16.2008 14:14:45 (CET)

Код:

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.16.0	2008.05.16	-
AntiVir	7.8.0.19	2008.05.16	CC/UKMalw.LB
Authentium	5.1.0.4	2008.05.16	W32/Trojan.BWKV
Avast	4.8.1169.0	2008.05.12	Win32:Trojan-gen {VC}
AVG	7.5.0.516	2008.05.16	-
BitDefender	7.2	2008.05.16	-
CAT-QuickHeal	9.50	2008.05.15	Trojan.Soltek.kj
ClamAV	0.92.1	2008.05.16	Trojan.Agent-17889
DrWeb	4.44.0.09170	2008.05.16	-
eSafe	7.0.15.0	2008.05.16	-
eTrust-Vet	31.4.5788	2008.05.14	-
Ewido	4.0	2008.05.14	Trojan.Legmir
F-Prot	4.4.2.54	2008.05.16	W32/Trojan.BWKV
F-Secure	6.70.13260.0	2008.05.16	-
Fortinet	3.14.0.0	2008.05.15	W32/Small.K!tr
GData	2.0.7306.1023	2008.05.16	Win32:Trojan-gen 
Ikarus	T3.1.1.26.0	2008.05.16	Trojan-PWS.Legmir
Kaspersky	7.0.0.125	2008.05.16	-
McAfee	5296	2008.05.16	-
Microsoft	1.3408	2008.05.13	-
NOD32v2	3104	2008.05.16	-
Norman	5.80.02	2008.05.15	-
Panda	9.0.0.4	2008.05.15	-
Prevx1	V2	2008.05.16	Malicious Software
Rising	20.44.32.00	2008.05.15	-
Sophos	4.29.0	2008.05.16	Troj/Userin-B
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.16	Backdoor.EggDrop
TheHacker	6.2.92.311	2008.05.15	Trojan/Legmir.gen
VBA32	3.12.6.6	2008.05.16	Trojan.PWS.Legmir
VirusBuster	4.3.26:9	2008.05.15	-
Webwasher-Gateway	6.6.2	2008.05.16	Virus.UKMalw.LB

**mayas** · 18.05.2008, 14:16

Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 -
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 Win32:SdBot-4752
AVG 7.5.0.516 2008.05.13 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 Win32.Womble
eTrust-Vet 31.4.5784 2008.05.13 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 -
F-Secure 6.70.13260.0 2008.05.13 -
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.14 Win32:SdBot-4752
Ikarus T3.1.1.26.0 2008.05.13 -
Kaspersky 7.0.0.125 2008.05.13 -
McAfee 5293 2008.05.12 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3095 2008.05.13 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.12 Suspicious file
Prevx1 V2 2008.05.18 -
Rising 20.44.12.00 2008.05.13 -
Sophos 4.29.0 2008.05.13 -
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.13 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.13 -
VirusBuster 4.3.26:9 2008.05.12 -
Webwasher-Gateway 6.6.2 2008.05.13 -
Additional information
File size: 38912 bytes
MD5...: da155c66d91243301aaf91aeb97fbea9
SHA1..: e4722ade34722e73e7b5f046c763d597e0a03d35
SHA256: 6c8662a403e2451f24f5351f4973e00f5fc894bff5a6b8fa6d c055e2a64a6810
SHA512: 154550a12404ec25772c18700842fd307a4cf51783e814bfc4 31e04e04ce9fe8
a2deeb57d128b87080aa2b1c3c93be7c96dd83b7adac067f41 db502c3ef63994
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x417010
timedatestamp.....: 0x482e9052 (Sat May 17 07:59:14 200

machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xd000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xe000 0xa000 0x9200 7.90 7cced073e5b6aa9d88e1cbf47df8d513
UPX2 0x18000 0x1000 0x200 2.91 6d33674852f41435a18abd2d4b19afd4

( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> SHLWAPI.dll: PathIsDirectoryA
> USER32.dll: ShowWindow
> WS2_32.dll: -

( 0 exports )
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

ответ [email protected]
\qip2.exe Инфицирован Trojan-Dropper.Win32.Pincher.bg

**Alex_Goodwin** · 18.05.2008, 15:49

---

Код:

Файл wstest.dll получен 2008.05.18 12:11:41 (CET)
Текущий статус: закончено 
Результат: 3/32 (9.38%)
 Форматированные 
Печать результатов  Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.10.0	2008.05.13	-
AntiVir	7.8.0.17	2008.05.13	HEUR/Malware
Authentium	5.1.0.4	2008.05.14	-
Avast	4.8.1169.0	2008.05.12	-
AVG	7.5.0.516	2008.05.13	-
BitDefender	7.2	2008.05.08	-
CAT-QuickHeal	9.50	2008.05.12	-
ClamAV	0.92.1	2008.05.13	-
DrWeb	4.44.0.09170	2008.05.13	-
eSafe	7.0.15.0	2008.05.12	-
eTrust-Vet	31.4.5784	2008.05.13	-
Ewido	4.0	2008.05.13	-
F-Prot	4.4.2.54	2008.05.13	-
F-Secure	6.70.13260.0	2008.05.13	-
Fortinet	3.14.0.0	2008.05.13	-
GData	2.0.7306.1023	2008.05.14	-
Ikarus	T3.1.1.26.0	2008.05.13	-
Kaspersky	7.0.0.125	2008.05.13	-
McAfee	5293	2008.05.12	-
Microsoft	1.3408	2008.05.13	-
NOD32v2	3095	2008.05.13	-
Norman	5.80.02	2008.05.09	-
Panda	9.0.0.4	2008.05.12	Suspicious file
Prevx1	V2	2008.05.18	-
Rising	20.44.12.00	2008.05.13	-
Sophos	4.29.0	2008.05.13	-
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.13	-
TheHacker	6.2.92.309	2008.05.13	-
VBA32	3.12.6.6	2008.05.13	-
VirusBuster	4.3.26:9	2008.05.12	-
Webwasher-Gateway	6.6.2	2008.05.13	Heuristic.Malware
Дополнительная информация
File size: 7680 bytes
MD5...: 692f13c703ff9fc8a71f2da0617bfd99
SHA1..: 37f5722091998b483063e10da872880aeda706a7
SHA256: bc6021f4e171ac7505e7c18f95ad28707ca35d3ef38fbcdd1cb5f9f7237fc4ce
SHA512: d78ce19f6e5a274b8c65c83d7abb8903348cc0491e39d17a37d66038223e2863
fe9d849765bb9ed9f0b193635ece2e380aee1372acdd2d9916345b33a49d6d60
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100009d6
timedatestamp.....: 0x48077ecc (Thu Apr 17 16:46:04 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x200 0x118e 0x1200 5.76 9f63dcc93871507979b00c4429c75508
.data 0x1400 0x62e 0x800 4.21 8604c046dca04a429a41d065b25c4d04
.reloc 0x1c00 0x186 0x200 4.65 7777b7ed8ed6c57fde52d25d96edafa2

( 4 imports ) 
> WSOCK32.dll: -, -, -, -, -, -, -, -, -
> KERNEL32.dll: CreateToolhelp32Snapshot, Process32First, OpenProcess, TerminateProcess, Process32Next, lstrlenA, lstrcatA, lstrcpyA, CloseHandle, WriteFile, CreateFileA, Sleep, WinExec, lstrcmpiA, GetVersionExA, GetVolumeInformationA, DeleteFileA, GetFileSize, ReadFile, GetSystemDirectoryA, GetProcAddress, LoadLibraryExA
> USER32.dll: wsprintfA
> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey

( 1 exports ) 
winl

**Surfer** · 19.05.2008, 23:01

File index.htm received on 05.19.2008 20:58:55 (CET)
Result: 4/32 (12.5%)

AhnLab-V3 2008.5.20.0 2008.05.19 -
AntiVir 7.8.0.19 2008.05.19 -
Authentium 5.1.0.4 2008.05.18 -
Avast 4.8.1195.0 2008.05.18 -
AVG 7.5.0.516 2008.05.19 -
BitDefender 7.2 2008.05.19 -
CAT-QuickHeal 9.50 2008.05.19 -
ClamAV 0.92.1 2008.05.19 -
DrWeb 4.44.0.09170 2008.05.19 -
eSafe 7.0.15.0 2008.05.19 -
eTrust-Vet 31.4.5798 2008.05.16 -
Ewido 4.0 2008.05.19 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c
Fortinet 3.14.0.0 2008.05.19 -
GData 2.0.7306.1023 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c
Ikarus T3.1.1.26.0 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c
Kaspersky 7.0.0.125 2008.05.19 Trojan-Spy.HTML.Prikolfraud.c
McAfee 5298 2008.05.19 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3110 2008.05.19 -
Norman 5.80.02 2008.05.19 -
Panda 9.0.0.4 2008.05.19 -
Prevx1 V2 2008.05.19 -
Rising 20.45.02.00 2008.05.19 -
Sophos 4.29.0 2008.05.19 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.19 -
TheHacker 6.2.92.313 2008.05.19 -
VBA32 3.12.6.6 2008.05.19 -
VirusBuster 4.3.26:9 2008.05.19 -
Webwasher-Gateway 6.6.2 2008.05.19 -

http://www.virustotal.com/analisis/1...50af694a21c396

**Макcим** · 20.05.2008, 13:25

t=23113

Файл avz00002.dta получен 2008.05.20 11:12:26 (CET)
Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.20.0 2008.05.20 -
AntiVir 7.8.0.19 2008.05.20 DR/Delphi.Gen
Authentium 5.1.0.4 2008.05.19 -
Avast 4.8.1195.0 2008.05.19 -
AVG 7.5.0.516 2008.05.19 Dropper.Generic.XNM
BitDefender 7.2 2008.05.20 -
CAT-QuickHeal 9.50 2008.05.19 -
ClamAV 0.92.1 2008.05.20 -
DrWeb 4.44.0.09170 2008.05.20 -
eSafe 7.0.15.0 2008.05.19 suspicious Trojan/Worm
eTrust-Vet 31.4.5805 2008.05.20 -
Ewido 4.0 2008.05.19 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.20 -
Fortinet 3.14.0.0 2008.05.20 Dropper.BB!tr
GData 2.0.7306.1023 2008.05.20 Win32:Rootkit-gen
Ikarus T3.1.1.26.0 2008.05.20 Virus.Win32.Zapchast.DA
Kaspersky 7.0.0.125 2008.05.20 -
McAfee 5298 2008.05.19 Generic Dropper.bb
Microsoft 1.3520 2008.05.20 Trojan:Win32/Delfobfus.A
NOD32v2 3113 2008.05.20 a variant of Win32/Injector.AJ
Norman 5.80.02 2008.05.19 -
Panda 9.0.0.4 2008.05.20 -
Prevx1 V2 2008.05.20 Cloaked Malware
Rising 20.45.11.00 2008.05.20 Trojan.DL.Win32.Agent.bxw
Sophos 4.29.0 2008.05.20 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.20 -
TheHacker 6.2.92.314 2008.05.20 -
VBA32 3.12.6.6 2008.05.19 -
VirusBuster 4.3.26:9 2008.05.19 -
Webwasher-Gateway 6.6.2 2008.05.20 Trojan.Dropper.Delphi.Gen
Дополнительная информация
File size: 39424 bytes
MD5...: 16bd8b5e9a1548ef83e7af2062ab10ad
SHA1..: c8a21f80d0f1d56441492478517cbfd1f7bb42af
SHA256: e3f710326e1d2a8109677d3b5700505d1e42f72e2f4ab3952a deccbf5804df4d
SHA512: a42b9801591a593a095131a0c46564c5b171b0aae1ddb6f860 8bd3ee8a00a613 850969dc7044505ab56acfcca9256a7c df6fb29ebc8f90c5030498f3f6765770
PEiD..: -
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x2180f0 timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x10e000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x10f000 0xa000 0x9400 7.73 584d0de443dc9c81a69adc3d3c1d2d9f .rsrc 0x119000 0x1000 0x200 3.02 3a68472f58715037a971f3c97b0e8f1f ( 3 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess > gdi32.dll: SetTextColor > user32.dll: GetDC ( 0 exports ) 
Prevx info: http://info.prevx.com/aboutprogramte...1A6C0011CFD500
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

**Surfer** · 20.05.2008, 18:19

File video.exe received on 05.20.2008 16:00:49 (CET)
Result: 7/32 (21.88%)

AhnLab-V3 2008.5.20.0 2008.05.20 -
AntiVir 7.8.0.19 2008.05.20 -
Authentium 5.1.0.4 2008.05.19 -
Avast 4.8.1195.0 2008.05.20 -
AVG 7.5.0.516 2008.05.20 -
BitDefender 7.2 2008.05.20 -
CAT-QuickHeal 9.50 2008.05.19 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.05.20 -
DrWeb 4.44.0.09170 2008.05.20 -
eSafe 7.0.15.0 2008.05.19 Suspicious File
eTrust-Vet 31.4.5806 2008.05.20 -
Ewido 4.0 2008.05.20 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.20 -
Fortinet 3.14.0.0 2008.05.20 W32/PolyZlob!tr.dldr
GData 2.0.7306.1023 2008.05.20 -
Ikarus T3.1.1.26.0 2008.05.20 -
Kaspersky 7.0.0.125 2008.05.20 -
McAfee 5298 2008.05.19 -
Microsoft 1.3520 2008.05.20 TrojanDropper:Win32/Nuwar.gen!lds
NOD32v2 3114 2008.05.20 -
Norman 5.80.02 2008.05.19 -
Panda 9.0.0.4 2008.05.20 -
Prevx1 V2 2008.05.20 -
Rising 20.45.12.00 2008.05.20 -
Sophos 4.29.0 2008.05.20 Mal/EncPk-DA
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.20 -
TheHacker 6.2.92.314 2008.05.20 -
VBA32 3.12.6.6 2008.05.19 MalwareScope.Worm.Nuwar-Glowa.1
VirusBuster 4.3.26:9 2008.05.19 -
Webwasher-Gateway 6.6.2 2008.05.20 Worm.Win32.Malware.gen (suspicious)

http://www.virustotal.com/analisis/6...bab7ca915dfe8f

**Shu_b** · 21.05.2008, 17:35

t 23161

Код:

File tcpsr.sys received on 05.21.2008 12:49:09 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	TR/Rootkit.Gen
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.20	SpamBot.G
BitDefender	7.2	2008.05.21	-
CAT-QuickHeal	9.50	2008.05.19	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	-
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.21	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	-
Fortinet	3.14.0.0	2008.05.21	-
GData	2.0.7306.1023	2008.05.21	-
Ikarus	T3.1.1.26.0	2008.05.21	Trojan.Rootkit
Kaspersky	7.0.0.125	2008.05.21	-
McAfee	5299	2008.05.20	-
Microsoft	1.3520	2008.05.21	VirTool:WinNT/Cutwail.gen!C
NOD32v2	3116	2008.05.21	-
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	-
Prevx1	V2	2008.05.21	-
Rising	20.45.12.00	2008.05.20	-
Sophos	4.29.0	2008.05.21	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.20	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	Trojan.Rootkit.Gen
Additional information
File size: 8064 bytes

t 23174

Код:

Файл chief.scr получен 2008.05.21 10:19:31 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	-
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.20	Dropper.FreeJoiner.D
BitDefender	7.2	2008.05.21	Trojan.PWS.LdPinch.TNV
CAT-QuickHeal	9.50	2008.05.19	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	-
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.20	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	-
Fortinet	3.14.0.0	2008.05.21	-
GData	2.0.7306.1023	2008.05.21	-
Ikarus	T3.1.1.26.0	2008.05.21	-
Kaspersky	7.0.0.125	2008.05.21	-
McAfee	5299	2008.05.20	-
Microsoft	1.3520	2008.05.21	-
NOD32v2	3115	2008.05.20	probably a variant of Win32/TrojanDropper.Agent.NKS
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	Suspicious file
Prevx1	V2	2008.05.21	-
Rising	20.45.12.00	2008.05.20	-
Sophos	4.29.0	2008.05.21	Mal/EncPk-CO
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.20	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	Win32.Malware.gen!80 (suspicious)
Дополнительная информация
File size: 84480 bytes

Добавлено через 2 часа 0 минут

t 22934

Код:

File avz.exe_ received on 05.21.2008 14:52:14 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	-
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.21	-
BitDefender	7.2	2008.05.21	Trojan.Inject.HP
CAT-QuickHeal	9.50	2008.05.19	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	suspicious Trojan/Worm
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.21	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	Virus.Win32.Afgan.a
Fortinet	3.14.0.0	2008.05.21	W32/Afgen.A
GData	2.0.7306.1023	2008.05.21	Virus.Win32.Afgan.a
Ikarus	T3.1.1.26.0	2008.05.21	BehavesLike.Win32.ExplorerHijack
Kaspersky	7.0.0.125	2008.05.21	Virus.Win32.Afgan.a
McAfee	5299	2008.05.20	-
Microsoft	1.3520	2008.05.21	Virus:Win32/Afgar.A
NOD32v2	3116	2008.05.21	-
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	-
Prevx1	V2	2008.05.21	-
Rising	20.45.12.00	2008.05.21	-
Sophos	4.29.0	2008.05.21	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.21	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	-
Additional information
File size: 758784 bytes
MD5...: d108b4e849d00764d935c951578fb9bc

Добавлено через 39 минут

t 23175

Код:

File temp\winlogon.exe received on 05.21.2008 15:27:02 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.20.0	2008.05.21	-
AntiVir	7.8.0.19	2008.05.21	DR/Delphi.Gen
Authentium	5.1.0.4	2008.05.21	-
Avast	4.8.1195.0	2008.05.21	-
AVG	7.5.0.516	2008.05.21	-
BitDefender	7.2	2008.05.21	-
CAT-QuickHeal	9.50	2008.05.21	-
ClamAV	0.92.1	2008.05.21	-
DrWeb	4.44.0.09170	2008.05.21	-
eSafe	7.0.15.0	2008.05.20	suspicious Trojan/Worm
eTrust-Vet	31.4.5808	2008.05.21	-
Ewido	4.0	2008.05.21	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.21	-
Fortinet	3.14.0.0	2008.05.21	-
GData	2.0.7306.1023	2008.05.21	-
Ikarus	T3.1.1.26.0	2008.05.21	Virus.Win32.Zapchast.DA
Kaspersky	7.0.0.125	2008.05.21	-
McAfee	5299	2008.05.20	Generic Dropper.bb
Microsoft	1.3520	2008.05.21	Trojan:Win32/Delfobfus.A
NOD32v2	3116	2008.05.21	a variant of Win32/Injector.AJ
Norman	5.80.02	2008.05.20	-
Panda	9.0.0.4	2008.05.21	-
Prevx1	V2	2008.05.21	Cloaked Malware
Rising	20.45.12.00	2008.05.21	Trojan.DL.Win32.Agent.bxw
Sophos	4.29.0	2008.05.21	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.21	-
TheHacker	6.2.92.314	2008.05.20	-
VBA32	3.12.6.6	2008.05.21	-
VirusBuster	4.3.26:9	2008.05.20	-
Webwasher-Gateway	6.6.2	2008.05.21	Trojan.Dropper.Delphi.Gen
Additional information
File size: 39424 bytes

**Groft** · 22.05.2008, 14:53

Файл autorun.inf получен 2008.05.22 12:39:26 (CET)
Текущий статус: закончено
Результат: 13/32 (40.63%)
Форматированные
Печать результатов Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.22.1 2008.05.22 -
AntiVir 7.8.0.19 2008.05.22 -
Authentium 5.1.0.4 2008.05.21 IS/Autorun
Avast 4.8.1195.0 2008.05.22 VBS:Malware-gen
AVG 7.5.0.516 2008.05.22 Worm/AutoRun
BitDefender 7.2 2008.05.22 -
CAT-QuickHeal 9.50 2008.05.21 -
ClamAV 0.92.1 2008.05.22 -
DrWeb 4.44.0.09170 2008.05.22 Win32.HLLW.Autoruner.1252
eSafe 7.0.15.0 2008.05.21 -
eTrust-Vet 31.4.5812 2008.05.22 INF/Frethog
Ewido 4.0 2008.05.22 -
F-Prot 4.4.2.54 2008.05.16 IS/Autorun
F-Secure 6.70.13260.0 2008.05.22 -
Fortinet 3.14.0.0 2008.05.22 W32/OnLineGames.NLI!tr.pws
GData 2.0.7306.1023 2008.05.22 VBS:Malware-gen
Ikarus T3.1.1.26.0 2008.05.22 -
Kaspersky 7.0.0.125 2008.05.22 -
McAfee 5300 2008.05.21 Generic!atr
Microsoft 1.3520 2008.05.22 -
NOD32v2 3120 2008.05.22 Win32/PSW.OnLineGames.NLI
Norman 5.80.02 2008.05.21 -
Panda 9.0.0.4 2008.05.22 W32/Lineage.GYE.worm
Prevx1 V2 2008.05.22 -
Rising 20.45.32.00 2008.05.22 -
Sophos 4.29.0 2008.05.22 W32/AutoRun-AG
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.22 -
TheHacker 6.2.92.316 2008.05.22 Trojan/Small.autorun
VBA32 3.12.6.6 2008.05.21 -
VirusBuster 4.3.26:9 2008.05.21 -
Webwasher-Gateway 6.6.2 2008.05.22 -

http://www.virustotal.com/ru/analisi...ab897ea7f5860e
в режиме real-time у vba32 он подозрительный

**senyak** · 22.05.2008, 20:18

Файл codecthe51070.ety получен 2008.05.22 16:28:26 (CET)
Текущий статус: закончено
Результат: 8/32 (25.00%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.22.1 2008.05.22 -
AntiVir 7.8.0.19 2008.05.22 TR/Dldr.Zlob.NMO
Authentium 5.1.0.4 2008.05.21 -
Avast 4.8.1195.0 2008.05.22 -
AVG 7.5.0.516 2008.05.22 Downloader.Zlob.ZV
BitDefender 7.2 2008.05.22 -
CAT-QuickHeal 9.50 2008.05.22 -
ClamAV 0.92.1 2008.05.22 Trojan.Zlob-4837
DrWeb 4.44.0.09170 2008.05.22 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5812 2008.05.22 -
Ewido 4.0 2008.05.22 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.22 Trojan-Downloader.Win32.Zlob.eie
Fortinet 3.14.0.0 2008.05.22 -
GData 2.0.7306.1023 2008.05.22 Trojan-Downloader.Win32.Zlob.eie
Ikarus T3.1.1.26.0 2008.05.22 -
Kaspersky 7.0.0.125 2008.05.22 Trojan-Downloader.Win32.Zlob.eie
McAfee 5300 2008.05.21 -
Microsoft 1.3520 2008.05.22 -
NOD32v2 3121 2008.05.22 -
Norman 5.80.02 2008.05.22 -
Panda 9.0.0.4 2008.05.22 -
Prevx1 V2 2008.05.22 -
Rising 20.45.32.00 2008.05.22 -
Sophos 4.29.0 2008.05.22 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.22 -
TheHacker 6.2.92.316 2008.05.22 Trojan/Downloader.Zlob.eie
VBA32 3.12.6.6 2008.05.22 -
VirusBuster 4.3.26:9 2008.05.22 -
Webwasher-Gateway 6.6.2 2008.05.22 Trojan.Dldr.Zlob.NMO

Дополнительная информация
File size: 74856 bytes
MD5...: bc428b5b166205452b6b4aa2f7fc61c1
SHA1..: 0e8625d3d02049367fed37b5f7e8e7869523933d
SHA256: 2a6c34e8f6388e49a4d5a39c6f274d6e74807d7777147f16af 6294b764bb27a2
SHA512: 8a60010c6ba73aeb2bee88d403bb4cf6cb9067ef6e7e4eec03 47d91d8e94c6a4
2e2f1152c633e26743c08552bebddbcac9cdcebb7007680fac 7fdc14307c8621
PEiD..: -
PEInfo: PE Structure information

**ZhIV** · 23.05.2008, 05:16

Код:

Файл jeur430.exe получен 2008.05.23 02:28:37 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	PCK/NSIS.M
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	DNSChanger.AA
BitDefender	7.2	2008.05.23	Trojan.DNSChanger.SL
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Trojan.Win32.DNSChanger.bov
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	-
Ikarus	T3.1.1.26.0	2008.05.23	-
Kaspersky	7.0.0.125	2008.05.23	Trojan.Win32.DNSChanger.bov
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	TrojanDropper:Win32/Alureon.D
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	Malware Dropper
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Packer.NSIS.M

Дополнительная информация
File size: 109192 bytes

Добавлено через 15 минут

Код:

Файл jeur599.exe получен 2008.05.23 02:30:25 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Drop.Ag.37888-28
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	PSW.Webmoner.D
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	Trojan.PWS.Webmonier.18
eSafe	7.0.15.0	2008.05.22	Suspicious File
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	Logger.Webmoner.jl
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Trojan-Spy.Win32.Webmoner.jl
Fortinet	3.14.0.0	2008.05.22	Spy/Webmoner
GData	2.0.7306.1023	2008.05.23	Trojan-Spy.Win32.Webmoner.jl
Ikarus	T3.1.1.26.0	2008.05.23	Trojan-Spy.Win32.Webmoner.jl
Kaspersky	7.0.0.125	2008.05.23	Trojan-Spy.Win32.Webmoner.jl
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	W32/Webmoner.VV
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	Malicious Software
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/Generic-A
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	Trojan/Spy.Webmoner.jl
VBA32	3.12.6.6	2008.05.22	Trojan-Spy.Win32.Webmoner.jl
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Drop.Ag.37888-28

Дополнительная информация
File size: 37888 bytes
MD5...: 1067d0e85cb48c0a810ce1d6ae18f0c7

Код:

Файл jeur623.exe получен 2008.05.23 02:39:44 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	SHeur.BLNN
BitDefender	7.2	2008.05.23	Trojan.Crypt.DI
CAT-QuickHeal	9.50	2008.05.22	Worm.Socks.md
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Worm.Win32.Socks.md
Fortinet	3.14.0.0	2008.05.22	W32/Socks.MD!worm
GData	2.0.7306.1023	2008.05.23	Worm.Win32.Socks.md
Ikarus	T3.1.1.26.0	2008.05.23	Trojan.Crypt.DI
Kaspersky	7.0.0.125	2008.05.23	Worm.Win32.Socks.md
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	TrojanDropper:Win32/Buzus.gen!A
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	W32/Socks.T
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	Malicious Software
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/Generic-A
Sunbelt	3.0.1123.1	2008.05.17	VIPRE.Suspicious
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Crypt.XPACK.Gen

Дополнительная информация
File size: 9216 bytes
MD5...: f15988aa3743b6ab54b34b5d90dfa692

Код:

Файл jeur627.exe получен 2008.05.23 02:41:19 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	-
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	-
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	Trojan.Srizbi.ag
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	Trojan.Win32.Srizbi.ag
Ikarus	T3.1.1.26.0	2008.05.23	Virus.Trojan.Win32.Srizbi.ag
Kaspersky	7.0.0.125	2008.05.23	Trojan.Win32.Srizbi.ag
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Win32.Malware.dam (suspicious)

Дополнительная информация
File size: 56088 bytes
MD5...: d97e63f2c5c659db19eaa3b3fc84725d

Код:

Файл jeur641.exe получен 2008.05.23 02:43:56 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Crypt.CD.7
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	PSW.Agent.THE
BitDefender	7.2	2008.05.23	Trojan.Crypt.CD
CAT-QuickHeal	9.50	2008.05.22	TrojanPSW.Agent.alb
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	Suspicious File
eTrust-Vet	31.4.5814	2008.05.22	Win32/VMalum.CYWO
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	Trojan-PSW.Win32.Agent.alb
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	Trojan-PSW.Win32.Agent.alb
Ikarus	T3.1.1.26.0	2008.05.23	Trojan.Crypt.CD
Kaspersky	7.0.0.125	2008.05.23	Trojan-PSW.Win32.Agent.alb
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	Trojan:Win32/Meredrop
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	Trj/WoW.TZ
Prevx1	V2	2008.05.23	Malicious Software
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/Generic-A
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	Infostealer
TheHacker	6.2.92.318	2008.05.23	Trojan/PSW.Agent.alb
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Crypt.CD.7

Дополнительная информация
File size: 65024 bytes
MD5...: 45ccb5b40703c5f365ba076553ab3d05

Код:

Файл jeur642.exe получен 2008.05.23 02:45:09 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	-
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	-
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	-
Fortinet	3.14.0.0	2008.05.22	-
GData	2.0.7306.1023	2008.05.23	-
Ikarus	T3.1.1.26.0	2008.05.23	-
Kaspersky	7.0.0.125	2008.05.23	-
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	Suspicious file
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Win32.Malware.dam (suspicious)

Дополнительная информация
File size: 14881 bytes
MD5...: ac9d4545dfd8ec5c6a1cfa79f6f7a8a1

Добавлено через 24 минуты

Код:

Файл jeur345.exe получен 2008.05.23 03:11:27 (CET)
Антивирус	Версия	Обновление	Результат
AhnLab-V3	2008.5.22.1	2008.05.22	-
AntiVir	7.8.0.19	2008.05.22	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	SHeur.BHTK
BitDefender	7.2	2008.05.23	-
CAT-QuickHeal	9.50	2008.05.22	(Suspicious) - DNAScan
ClamAV	0.92.1	2008.05.22	-
DrWeb	4.44.0.09170	2008.05.23	-
eSafe	7.0.15.0	2008.05.22	Suspicious File
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.22	-
Fortinet	3.14.0.0	2008.05.22	W32/STRAT_GEN.3!worm
GData	2.0.7306.1023	2008.05.23	-
Ikarus	T3.1.1.26.0	2008.05.23	Trojan.Crypt.XPACK
Kaspersky	7.0.0.125	2008.05.23	-
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	TrojanDropper:Win32/Srizbi.gen!D
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.22	Mal/EncPk-CK
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	Trojan.Crypt.XPACK.Gen

Дополнительная информация
File size: 167936 bytes
MD5...: 9294b7367b75231e32fe38bdc765563d

**R@nza** · 23.05.2008, 06:42

Файл svchosts.exe получен 2008.05.22 04:35:42 (CET)
Текущий статус: закончено
Результат: 8/32 (25.00%)
Форматированные
Печать результатов Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.20.0 2008.05.21 -
AntiVir 7.8.0.19 2008.05.21 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.05.21 -
Avast 4.8.1195.0 2008.05.21 -
AVG 7.5.0.516 2008.05.21 Pakes
BitDefender 7.2 2008.05.22 Trojan.Spy.Wsnpoem.CH
CAT-QuickHeal 9.50 2008.05.21 -
ClamAV 0.92.1 2008.05.22 -
DrWeb 4.44.0.09170 2008.05.21 -
eSafe 7.0.15.0 2008.05.21 Suspicious File
eTrust-Vet 31.4.5808 2008.05.21 -
Ewido 4.0 2008.05.21 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.22 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.05.22 -
GData 2.0.7306.1023 2008.05.22 -
Ikarus T3.1.1.26.0 2008.05.22 -
Kaspersky 7.0.0.125 2008.05.22 -
McAfee 5300 2008.05.21 Spy-Agent.bw.gen.e
Microsoft 1.3520 2008.05.22 PWS:Win32/Zbot.gen!E
NOD32v2 3118 2008.05.21 -
Norman 5.80.02 2008.05.21 -
Panda 9.0.0.4 2008.05.22 -
Prevx1 V2 2008.05.22 -
Rising 20.45.22.00 2008.05.22 -
Sophos 4.29.0 2008.05.22 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.22 -
TheHacker 6.2.92.315 2008.05.21 -
VBA32 3.12.6.6 2008.05.21 -
VirusBuster 4.3.26:9 2008.05.21 -
Webwasher-Gateway 6.6.2 2008.05.21 Trojan.Crypt.XPACK.Gen
Дополнительная информация
File size: 50688 bytes
MD5...: dbbc12952a8f0fec8eb0268f7223f66f
SHA1..: 05ca78a3e43797cb019f076f3e98a4d88f3c2a66
SHA256: e48c8448c1ec44a4b07fd26438455e4551d100dc19c7969905 5b9446c6acfdb6
SHA512: 17cb55fbd91428445dfbbc99f90a7689a1846f6f53f0124459 b2e9f30e8f518e
3dcfe6ce04de64921032288205dcf684d8de59de6097b8c8a8 0990d7a09fe339

**Гриша** · 23.05.2008, 10:29

t=23264

Файл avz00002.dta получен 2008.05.23 08:21:22 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.22 HEUR/Malware
Authentium 5.1.0.4 2008.05.22 -
Avast 4.8.1195.0 2008.05.22 -
AVG 7.5.0.516 2008.05.22 -
BitDefender 7.2 2008.05.23 -
CAT-QuickHeal 9.50 2008.05.22 -
ClamAV 0.92.1 2008.05.23 -
DrWeb 4.44.0.09170 2008.05.23 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5814 2008.05.22 -
Ewido 4.0 2008.05.22 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.22-W32/Malware
Fortinet 3.14.0.0 2008.05.23 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.23 -
Kaspersky 7.0.0.125 2008.05.23 -
McAfee 5301 2008.05.22 -
Microsoft 1.3520 2008.05.23 -
NOD32v2 3124 2008.05.23 -
Norman 5.80.02 2008.05.22-W32/Malware
Panda 9.0.0.4 2008.05.22 -
Prevx1 V2 2008.05.23 -
Rising 20.45.32.00 2008.05.22-Backdoor.Win32.RemoteAdmin.h
Sophos 4.29.0 2008.05.23 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.23 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.22 -
VirusBuster 4.3.26:9 2008.05.22 -
Webwasher-Gateway 6.6.2 2008.05.23 Heuristic.Malware

Файл avz00003.dta получен 2008.05.23 08:21:55 (CET)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.22-HEUR/Malware
Authentium 5.1.0.4 2008.05.22 -
Avast 4.8.1195.0 2008.05.22 -
AVG 7.5.0.516 2008.05.22 -
BitDefender 7.2 2008.05.23 -
CAT-QuickHeal 9.50 2008.05.22 -
ClamAV 0.92.1 2008.05.23 -
DrWeb 4.44.0.09170 2008.05.23 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5814 2008.05.22 -
Ewido 4.0 2008.05.22 -
F-Prot 4.4.2.54 2008.05.16 -
Fortinet 3.14.0.0 2008.05.23 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.23 -
Kaspersky 7.0.0.125 2008.05.23 -
McAfee 5301 2008.05.22 -
Microsoft 1.3520 2008.05.23 -
NOD32v2 3124 2008.05.23 -
Norman 5.80.02 2008.05.22-W32/Malware
Panda 9.0.0.4 2008.05.22 -
Prevx1 V2 2008.05.23 -
Rising 20.45.32.00 2008.05.22-Backdoor.Win32.RemoteAdmin.h
Sophos 4.29.0 2008.05.23 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.23 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.22 -
VirusBuster 4.3.26:9 2008.05.22 -
Webwasher-Gateway 6.6.2 2008.05.23-Heuristic.Malware

**Shu_b** · 23.05.2008, 12:54

Код:

File Temp\wmsetup.dll received on 05.23.2008 10:13:42 (CET)
Antivirus	Version	Last Update	Result
AhnLab-V3	2008.5.22.1	2008.05.23	-
AntiVir	7.8.0.19	2008.05.23	-
Authentium	5.1.0.4	2008.05.22	-
Avast	4.8.1195.0	2008.05.22	-
AVG	7.5.0.516	2008.05.22	-
BitDefender	7.2	2008.05.23	DeepScan:Generic.Malware.dld!!.8E2E18BD
CAT-QuickHeal	9.50	2008.05.22	-
ClamAV	0.92.1	2008.05.23	-
DrWeb	4.44.0.09170	2008.05.23	DLOADER.Trojan
eSafe	7.0.15.0	2008.05.22	-
eTrust-Vet	31.4.5814	2008.05.22	-
Ewido	4.0	2008.05.22	-
F-Prot	4.4.2.54	2008.05.16	-
F-Secure	6.70.13260.0	2008.05.23	Trojan-Downloader.Win32.Murlo.nn
Fortinet	3.14.0.0	2008.05.23	-
GData	2.0.7306.1023	2008.05.23	Trojan-Downloader.Win32.Murlo.nn
Ikarus	T3.1.1.26.0	2008.05.23	-
Kaspersky	7.0.0.125	2008.05.23	Trojan-Downloader.Win32.Murlo.nn
McAfee	5301	2008.05.22	-
Microsoft	1.3520	2008.05.23	-
NOD32v2	3124	2008.05.23	-
Norman	5.80.02	2008.05.22	-
Panda	9.0.0.4	2008.05.22	-
Prevx1	V2	2008.05.23	-
Rising	20.45.32.00	2008.05.22	-
Sophos	4.29.0	2008.05.23	-
Sunbelt	3.0.1123.1	2008.05.17	-
Symantec	10	2008.05.23	-
TheHacker	6.2.92.318	2008.05.23	-
VBA32	3.12.6.6	2008.05.22	-
VirusBuster	4.3.26:9	2008.05.22	-
Webwasher-Gateway	6.6.2	2008.05.23	-
Additional information
File size: 5632 bytes

**mayas** · 24.05.2008, 14:31

Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.23 -
Authentium 5.1.0.4 2008.05.23 -
Avast 4.8.1195.0 2008.05.23 -
AVG 7.5.0.516 2008.05.24 -
BitDefender 7.2 2008.05.24 -
CAT-QuickHeal 9.50 2008.05.24 -
ClamAV 0.92.1 2008.05.24 -
DrWeb 4.44.0.09170 2008.05.24 Trojan.DownLoader.origin
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5817 2008.05.23 -
Ewido 4.0 2008.05.23 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.23 -
Fortinet 3.14.0.0 2008.05.24 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.24 Trojan-PWS.Win32.Firefox.k
Kaspersky 7.0.0.125 2008.05.24 -
McAfee 5302 2008.05.23 -
Microsoft 1.3520 2008.05.24 -
NOD32v2 3128 2008.05.23 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.23 -
Prevx1 V2 2008.05.24 Adware
Rising 20.45.42.00 2008.05.23 -
Sophos 4.29.0 2008.05.24 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.24 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.24 -
VirusBuster 4.3.26:9 2008.05.23 -
Webwasher-Gateway 6.6.2 2008.05.24 Virus.Win32.FileInfector.gen!90 (suspicious)

http://www.virustotal.com/analisis/5...afdd2e9655073b

File ______________________.__.bat received on 05.25.2008 00:33:53
Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.24 -
Authentium 5.1.0.4 2008.05.23 -
Avast 4.8.1195.0 2008.05.24 -
AVG 7.5.0.516 2008.05.24 -
BitDefender 7.2 2008.05.24 BehavesLike:Trojan.TaskDisabler
CAT-QuickHeal 9.50 2008.05.24 -
ClamAV 0.92.1 2008.05.24 -
DrWeb 4.44.0.09170 2008.05.24 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5817 2008.05.23 -
Ewido 4.0 2008.05.24 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.23 -
Fortinet 3.14.0.0 2008.05.24 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.24 -
Kaspersky 7.0.0.125 2008.05.24 -
McAfee 5302 2008.05.23 -
Microsoft 1.3520 2008.05.25 -
NOD32v2 3128 2008.05.23 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.24 -
Prevx1 V2 2008.05.25 -
Rising 20.45.42.00 2008.05.23 -
Sophos 4.29.0 2008.05.24 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.24 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.24 -
VirusBuster 4.3.26:9 2008.05.24 -
Webwasher-Gateway 6.6.2 2008.05.25 -
Additional information
File size: 2486 bytes
MD5...: 5831dc9acd10f2a46334793d303676f9
SHA1..: fd37f0742210b95d93b1cf76ddc47bdb83a5fc23
SHA256: 29ed8253857f9535d5cda276640bf6fa9091adb1e5efc77b3a 3cd1d5dfbc7fd0
SHA512: e5ff70d9d10b4805a2f9201891426fb5b515a6069afa2a4210 db352d415d9faa
e36e0cbb0d5b13c540ba4cc1a7cf2aaf0b1feedbe5a4c18d8d 8c3d4f50d820eb
PEiD..: -
PEInfo: -
packers (Kaspersky): bvm

**Winsent** · 25.05.2008, 06:23

* name..: svchost.exe
* size..: 42496
* md5...: 2a0cfe442f8ac14b3b1d619597c87c1e
* sha1..: 04ef33ee52fb57009fb3fbd2935330e5ded5ecaf
* peid..: -

[ scan result ]
AhnLab-V3 2008.5.22.1/20080523 found nothing
AntiVir 7.8.0.19/20080524 found [TR/Spy.Gen]
Authentium 5.1.0.4/20080523 found [W32/LdPinch.I.gen!Eldorado]
Avast 4.8.1195.0/20080524 found nothing
AVG 7.5.0.516/20080524 found [PSW.Ldpinch.11.BM]
BitDefender 7.2/20080525 found [Trojan.PWS.LdPinch.TMK]
CAT-QuickHeal 9.50/20080524 found [TrojanPSW.LdPinch.cdz]
ClamAV 0.92.1/20080525 found nothing
DrWeb 4.44.0.09170/20080525 found nothing
eSafe 7.0.15.0/20080522 found nothing
eTrust-Vet 31.4.5817/20080523 found nothing
Ewido 4.0/20080524 found nothing
F-Prot 4.4.4.56/20080523 found [W32/LdPinch.I.gen!Eldorado]
F-Secure 6.70.13260.0/20080523 found [LdPinch.gen1]
Fortinet 3.14.0.0/20080524 found nothing
GData 2.0.7306.1023/20080523 found nothing
Ikarus T3.1.1.26.0/20080525 found [MalwareScope.Trojan-PWS.Pinch.1]
Kaspersky 7.0.0.125/20080525 found nothing
McAfee 5302/20080523 found nothing
Microsoft 1.3520/20080525 found [PWS:Win32/Ldpinch.gen]
NOD32v2 3128/20080523 found nothing
Norman 5.80.02/20080523 found [LdPinch.gen1]
Panda 9.0.0.4/20080524 found nothing
Prevx1 V2/20080525 found nothing
Rising 20.45.42.00/20080523 found nothing
Sophos 4.29.0/20080524 found [Mal/Basine-C]
Sunbelt 3.0.1123.1/20080517 found nothing
Symantec 10/20080525 found nothing
TheHacker 6.2.92.318/20080523 found nothing
VBA32 3.12.6.6/20080524 found [MalwareScope.Trojan-PSW.Pinch.42]
VirusBuster 4.3.26:9/20080524 found nothing
Webwasher-Gateway 6.6.2/20080525 found [Trojan.Spy.Gen]

Исследование антивирусов 6

Опции темы

свежак =)

новый зверек :)

было приклеено к другой программе

угоняет пароли фаерфокса

Похожие темы

Исследование антивирусов 7

Исследование антивирусов 5

Исследование антивирусов 4

Исследование антивирусов 3

Исследование антивирусов 2

Ваши права в разделе