-
This landed in my mail.ru mailbox today:
Return-path: <
[email protected]>
Received: from [62.5.255.19] (port=63395 helo=umail.ru)
by mx26.mail.ru with esmtp
id 1Gt5FB-000BKu-00
for
[email protected]; Sat, 09 Dec 2006 19:40:09 +0300
Received-SPF: none (mx26.mail.ru: 62.5.255.19 is neither permitted nor denied by domain of icq.com) client-ip=62.5.255.19;
[email protected]; helo=umail.ru;
Received: from [212.94.122.1] (account
[email protected] HELO icqm)
by fe01-umail.umail.ru (CommuniGate Pro SMTP 5.0.12)
with SMTPA id 69750782 for
[email protected]; Sat, 09 Dec 2006 19:39:11 +0300
From: "ICQ" <
[email protected]>
To:
[email protected]
Subject: Новое сообщение
X-Mailer: The Bat! (v3.71.01) Professional
Reply-To:
[email protected]
Date: Sat, 9 Dec 2006 22:39:15 +0600
Mime-Version: 1.0
Content-Type: text/html; charset=windows-1251
Message-ID: <
[email protected]>
X-Spam: Not detected
Здравствуйте!<br>
<br>
Вам отправлено аудио-сообщение от: <b>
[email protected], ICQ 265074165</b><br>
<br>
<a href="http://icqm.ifastnet.com/message-678374.exe">[ Получить сообщение ]</a>
Complete scanning result of "message-678374.exe", processed in VirusTotal at 12/11/2006 07:18:48 (CET).
[ file data ]
* name: message-678374.exe
* size: 40676
* md5.: 9ae2cb788e54d88d9bcf04ee6fa2f656
* sha1: a665d66cda9a23a0351fa6be7349f6433e89aa31
[ scan result ]
AntiVir 7.2.0.49/20061210 found [Worm/Agent.D.12]
Authentium 4.93.8/20061208 found nothing
Avast 4.7.892.0/20061208 found [Win32:Delf-CAT]
AVG 386/20061209 found nothing
BitDefender 7.2/20061211 found [Win32.Worm.Agent.D]
CAT-QuickHeal 8.00/20061209 found [(Suspicious) - DNAScan]
ClamAV devel-20060426/20061210 found nothing
DrWeb 4.33/20061210 found [Win32.HLLW.Kesk]
eSafe 7.0.14.0/20061207 found [suspicious Trojan/Worm]
eTrust-InoculateIT 23.73.81/20061209 found nothing
eTrust-Vet 30.3.3238/20061208 found nothing
Ewido 4.0/20061210 found [Worm.Agent.b]
F-Prot 3.16f/20061208 found nothing
F-Prot4 4.2.1.29/20061208 found nothing
Fortinet 2.82.0.0/20061211 found [W32/Agent.B!worm.im]
Ikarus T3.1.0.26/20061207 found [IM-Worm.Win32.Sumom.C]
Kaspersky 4.0.2.24/20061211 found [Net-Worm.Win32.Agent.b]
McAfee 4915/20061210 found nothing
Microsoft 1.1804/20061210 found nothing
NOD32v2 1913/20061209 found nothing
Norman 5.80.02/20061208 found [W32/Suspicious_M.gen]
Panda 9.0.0.4/20061211 found [Suspicious file]
Prevx1 V2/20061211 found nothing
Sophos 4.12.0/20061210 found [Mal/Packer]
Sunbelt 2.2.907.0/20061130 found [VIPRE.Suspicious]
TheHacker 6.0.3.131/20061210 found nothing
UNA 1.83/20061208 found nothing
VBA32 3.11.1/20061210 found [suspected of MalwareScope.Trojan-PSW.PdPinch.2 (paranoid heuristics)]
VirusBuster 4.3.15:9/20061210 found [novirus:Packed/MEW]
[ notes ]
packers: MEW
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
A request to the administrators: please compile the statistics for the recent period; it hasn't been done in a while.
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.11.2006, 17:28:15 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.49 12.11.2006 no virus found
Authentium 4.93.8 12.08.2006 W32/Methodbod.gen2
Avast 4.7.892.0 12.11.2006 no virus found
AVG 386 12.09.2006 no virus found
BitDefender 7.2 12.11.2006 DeepScan:Generic.Horst.2073FE1E
CAT-QuickHeal 8.00 12.11.2006 Trojan.Horst.qf
ClamAV devel-20060426 12.11.2006 Trojan.Medbot-98
DrWeb 4.33 12.11.2006 no virus found
eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.81 12.09.2006 no virus found
eTrust-Vet 30.3.3244 12.11.2006 no virus found
Ewido 4.0 12.10.2006 no virus found
Fortinet 2.82.0.0 12.11.2006 no virus found
F-Prot 3.16f 12.08.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.08.2006 W32/Methodbod.gen2
Ikarus T3.1.0.26 12.11.2006 no virus found
Kaspersky 4.0.2.24 12.11.2006 no virus found
McAfee 4915 12.10.2006 no virus found
Microsoft 1.1804 12.11.2006 no virus found
NOD32v2 1914 12.11.2006 no virus found
Norman 5.80.02 12.11.2006 W32/Horst.gen14
Panda 9.0.0.4 12.11.2006 Suspicious file
Prevx1 V2 12.11.2006 no virus found
Sophos 4.12.0 12.10.2006 Mal/Behav-080
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.131 12.10.2006 Trojan/Horst.gen
UNA 1.83 12.08.2006 no virus found
VBA32 3.11.1 12.10.2006 MalwareScope.Trojan-Proxy.Horst.1
VirusBuster 4.3.15:9 12.11.2006 no virus found
Aditional Information
File size: 44544 bytes
MD5: 118e257037e8bbc57e81c3b282c122a3
SHA1: 4b911b91c813526728c4b9387efef19ee7f20cbe
packers: UPX
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.12.2006, 14:19:11 (CET).
Antivirus Version Update Result
AntiVir 7.2.0.49 12.12.2006 no virus found
Authentium 4.93.8 12.11.2006 W32/Methodbod.gen2
Avast 4.7.892.0 12.12.2006 no virus found
AVG 386 12.11.2006 no virus found
BitDefender 7.2 12.12.2006 DeepScan:Generic.Horst.4BC9FDCC
CAT-QuickHeal 8.00 12.11.2006 Trojan.Horst.qf
ClamAV devel-20060426 12.11.2006 Trojan.Medbot-98
DrWeb 4.33 12.12.2006 no virus found
eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
eTrust-Vet 30.3.3246 12.12.2006 Win32/Boxed!generic
Ewido 4.0 12.12.2006 no virus found
Fortinet 2.82.0.0 12.12.2006 no virus found
F-Prot 3.16f 12.11.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.11.2006 W32/Methodbod.gen2
Ikarus T3.1.0.26 12.12.2006 no virus found
Kaspersky 4.0.2.24 12.12.2006 no virus found
McAfee 4916 12.11.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
NOD32v2 1916 12.12.2006 no virus found
Norman 5.80.02 12.12.2006 W32/Horst.gen14
Panda 9.0.0.4 12.12.2006 Suspicious file
Prevx1 V2 12.12.2006 no virus found
Sophos 4.12.0 12.10.2006 Mal/Behav-080
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.131 12.10.2006 Trojan/Horst.gen
UNA 1.83 12.11.2006 no virus found
VBA32 3.11.1 12.11.2006 MalwareScope.Trojan-Proxy.Horst.1
VirusBuster 4.3.15:9 12.11.2006 no virus found
Aditional Information
File size: 44032 bytes
MD5: 00f7223e0a5625557aae42fe2ca9fdc3
SHA1: ac7c9f84fb1ff171ccf189a1eb3e898dab785561
packers: UPX
-
Complete scanning result of "mailru.exe", received in VirusTotal at 12.12.2006, 19:04:12 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.12.2006 HEUR/Crypted
Authentium 4.93.8 12.11.2006 no virus found
Avast 4.7.892.0 12.12.2006 Win32:Small-DJC
AVG 386 12.12.2006 no virus found
BitDefender 7.2 12.12.2006 no virus found
CAT-QuickHeal 8.00 12.12.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.12.2006 no virus found
DrWeb 4.33 12.12.2006 no virus found
eSafe 7.0.14.0 12.11.2006 no virus found
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
eTrust-Vet 30.3.3246 12.12.2006 no virus found
Ewido 4.0 12.12.2006 Not-A-Virus.Hoax.Win32.Delf.g
Fortinet 2.82.0.0 12.12.2006 suspicious
F-Prot 3.16f 12.11.2006 no virus found
F-Prot4 4.2.1.29 12.11.2006 no virus found
Ikarus T3.1.0.26 12.12.2006
Kaspersky 4.0.2.24 12.12.2006 not-virus:Hoax.Win32.Delf.g
McAfee 4917 12.12.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
NOD32v2 1917 12.12.2006 no virus found
Norman 5.80.02 12.12.2006 Suspicious_F.gen
Panda 9.0.0.4 12.12.2006 Suspicious file
Prevx1 V2 12.12.2006 no virus found
Sophos 4.12.0 12.10.2006 Mal/Packer
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.131 12.10.2006 no virus found
UNA 1.83 12.11.2006 Hoax.Win32.Delf.299D
VBA32 3.11.1 12.12.2006 no virus found
VirusBuster 4.3.15:9 12.12.2006 no virus found
Aditional Information
File size: 246433 bytes
MD5: 8814c56326a8c3a81532e8662027188b
SHA1: eadb08cc4517c31b6d50b4e965c3ee979b75a591
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
-
Complete scanning result of "screensaver.exe", received in VirusTotal at 12.12.2006, 21:13:17 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.12.2006 HEUR/Crypted
Authentium 4.93.8 12.11.2006 Possibly a new variant of W32/Threat-HLLSI-based!Maximus
Avast 4.7.892.0 12.12.2006 Win32:Ldpinch-AH
AVG 386 12.12.2006 no virus found
BitDefender 7.2 12.12.2006 no virus found
CAT-QuickHeal 8.00 12.12.2006 no virus found
ClamAV devel-20060426 12.12.2006 no virus found
DrWeb 4.33 12.12.2006 BACKDOOR.PWS.Trojan
eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
eTrust-Vet 30.3.3246 12.12.2006 no virus found
Ewido 4.0 12.12.2006 no virus found
Fortinet 2.82.0.0 12.12.2006 W32/LdPinch.BFE!tr.pws
F-Prot 3.16f 12.12.2006 Possibly a new variant of W32/Threat-HLLSI-based!Maximus
F-Prot4 4.2.1.29 12.12.2006 W32/CrazyCrunch-based!Maximus
Ikarus T3.1.0.26 12.12.2006 Trojan-PSW.Win32.LdPinch
Kaspersky 4.0.2.24 12.12.2006 Trojan-PSW.Win32.LdPinch.bfe
McAfee 4917 12.12.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
NOD32v2 1918 12.12.2006 no virus found
Norman 5.80.02 12.12.2006 no virus found
Panda 9.0.0.4 12.12.2006 Suspicious file
Prevx1 V2 12.12.2006 no virus found
Sophos 4.12.0 12.10.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.131 12.10.2006 no virus found
UNA 1.83 12.11.2006 no virus found
VBA32 3.11.1 12.12.2006 MalwareScope.Trojan-PSW.PdPinch.5
VirusBuster 4.3.15:9 12.12.2006 no virus found
Aditional Information
File size: 14336 bytes
MD5: 90f100ef481774dca2be02004ee4967c
SHA1: 1f3d4f6340d62204c839d4fe5a0dc8352de26c8b
packers: ASPack
packers: ASPACK
packers: Aspack
-
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.12.2006, 22:26:24 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.12.2006 no virus found
Authentium 4.93.8 12.12.2006 W32/Methodbod.gen2
Avast 4.7.892.0 12.12.2006 no virus found
AVG 386 12.12.2006 no virus found
BitDefender 7.2 12.12.2006 no virus found
CAT-QuickHeal 8.00 12.12.2006 Trojan.Horst.qf
ClamAV devel-20060426 12.12.2006 Trojan.Medbot-98
DrWeb 4.33 12.12.2006 no virus found
eSafe 7.0.14.0 12.11.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.83 12.12.2006 no virus found
eTrust-Vet 30.3.3246 12.12.2006 Win32/Boxed!generic
Ewido 4.0 12.12.2006 no virus found
Fortinet 2.82.0.0 12.12.2006 no virus found
F-Prot 3.16f 12.12.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.12.2006 W32/Methodbod.gen2
Ikarus T3.1.0.26 12.12.2006 no virus found
Kaspersky 4.0.2.24 12.12.2006 no virus found
McAfee 4917 12.12.2006 no virus found
Microsoft 1.1804 12.12.2006 no virus found
NOD32v2 1918 12.12.2006 a variant of Win32/Medbot.DR
Norman 5.80.02 12.12.2006 W32/Horst.gen14
Panda 9.0.0.4 12.12.2006 Suspicious file
Prevx1 V2 12.12.2006 no virus found
Sophos 4.12.0 12.10.2006 Mal/Behav-080
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.131 12.10.2006 Trojan/Horst.gen
UNA 1.83 12.11.2006 no virus found
VBA32 3.11.1 12.12.2006 MalwareScope.Trojan-Proxy.Horst.1
VirusBuster 4.3.15:9 12.12.2006 no virus found
Aditional Information
File size: 44032 bytes
MD5: 9eacd652327bf4f17d4f8e0e50367233
SHA1: 65e11afc63521d61e2973bbe33120bca2359e07a
packers: UPX
-
STATUS: FINISHED
Complete scanning result of "server.exe", received in VirusTotal at 12.13.2006, 17:13:13 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.13.2006 HEUR/Crypted
Authentium 4.93.8 12.12.2006 no virus found
Avast 4.7.892.0 12.13.2006 no virus found
AVG 386 12.13.2006 no virus found
BitDefender 7.2 12.13.2006 no virus found
CAT-QuickHeal 8.00 12.13.2006 no virus found
ClamAV devel-20060426 12.13.2006 no virus found
DrWeb 4.33 12.13.2006 no virus found
eSafe 7.0.14.0 12.13.2006 no virus found
eTrust-InoculateIT 23.73.84 12.13.2006 no virus found
eTrust-Vet 30.3.3248 12.13.2006 no virus found
Ewido 4.0 12.13.2006 no virus found
Fortinet 2.82.0.0 12.13.2006 suspicious
F-Prot 3.16f 12.12.2006 no virus found
F-Prot4 4.2.1.29 12.12.2006 no virus found
Ikarus T3.1.0.26 12.13.2006 no virus found
Kaspersky 4.0.2.24 12.13.2006 no virus found
McAfee 4917 12.12.2006 New Win32.g2
Microsoft 1.1804 12.13.2006 no virus found
NOD32v2 1919 12.13.2006 no virus found
Norman 5.80.02 12.13.2006 no virus found
Panda 9.0.0.4 12.13.2006 no virus found
Prevx1 V2 12.13.2006 Backdoor.Optix
Sophos 4.12.0 12.13.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.131 12.10.2006 no virus found
UNA 1.83 12.13.2006 no virus found
VBA32 3.11.1 12.12.2006 suspected of Trojan-PSW.LdPinch.36 (paranoid heuristics)
VirusBuster 4.3.15:9 12.13.2006 no virus found
P.s.
File saved as Kaspersky Keys Working_45802bec1f784.rar
File size 1218470
MD5 3c7bdb437df990ef3ee3a45838e4b98e
-
-
Complete scanning result of "chkdsk.exe", received in VirusTotal at 12.15.2006, 11:41:02 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.15 12.15.2006 no virus found
Authentium 4.93.8 12.14.2006 no virus found
Avast 4.7.892.0 12.14.2006 Win32:Purityscan-Q
AVG 386 12.15.2006 no virus found
BitDefender 7.2 12.15.2006 no virus found
CAT-QuickHeal 8.00 12.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.15.2006 no virus found
DrWeb 4.33 12.15.2006 no virus found
eSafe 7.0.14.0 12.14.2006 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 no virus found
Ewido 4.0 12.15.2006 no virus found
Fortinet 2.82.0.0 12.15.2006 no virus found
F-Prot 3.16f 12.14.2006 no virus found
F-Prot4 4.2.1.29 12.14.2006 no virus found
Ikarus T3.1.0.26 12.15.2006 no virus found
Kaspersky 4.0.2.24 12.15.2006 no virus found
McAfee 4919 12.14.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1922 12.14.2006 a variant of Win32/TrojanDownloader.PurityScan
Norman 5.80.02 12.14.2006 no virus found
Panda 9.0.0.4 12.15.2006 Suspicious file
Prevx1 V2 12.15.2006 Spyware.Midaddle
Sophos 4.12.0 12.14.2006 ClickSpring
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.132 12.14.2006 no virus found
UNA 1.83 12.14.2006 no virus found
VBA32 3.11.1 12.14.2006 suspected of Backdoor.Rbot.2
VirusBuster 4.3.19:9 12.14.2006 no virus found
-
Complete scanning result of "WM_Keeper.exe", received in VirusTotal at 12.15.2006, 18:49:25 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 W32/Bizex.A.DLL
Authentium 4.93.8 12.14.2006 Possibly a new variant of W32/Threat-SysAdderSml-based!Maximus
Avast 4.7.892.0 12.15.2006 Win32:Trojano-1511
AVG 386 12.15.2006 no virus found
BitDefender 7.2 12.15.2006 Generic.PWStealer.C89D5ED6
CAT-QuickHeal 8.00 12.15.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.15.2006 no virus found
DrWeb 4.33 12.15.2006 Trojan.PWS.M2.20
eSafe 7.0.14.0 12.14.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 no virus found
Ewido 4.0 12.15.2006 Downloader.Small.ckp
Fortinet 2.82.0.0 12.15.2006 suspicious
F-Prot 3.16f 12.14.2006 Possibly a new variant of W32/Threat-SysAdderSml-based!Maximus
F-Prot4 4.2.1.29 12.14.2006 W32/Threat-SysAdderSml-based!Maximus
Ikarus T3.1.0.26 12.15.2006 Trojan-PSW.Win32.M2.20.a
Kaspersky 4.0.2.24 12.15.2006 no virus found
McAfee 4920 12.15.2006 New BackDoor1
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 probably unknown NewHeur_PE virus
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.15.2006 Suspicious file
Prevx1 V2 12.15.2006 no virus found
Sophos 4.12.0 12.14.2006 Troj/RKProc-Fam
Sunbelt 2.2.907.0 11.30.2006 VIPRE.Suspicious
TheHacker 6.0.3.132 12.14.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.14.2006 suspected of Trojan-Downloader.VB.18
VirusBuster 4.3.19:9 12.15.2006 no virus found
Aditional Information
File size: 60178 bytes
MD5: 152a7495ff2d86fbe0b56c887abd4cc0
SHA1: 97adbb8f2d8efe4233b176397f2eadd7d1ad4526
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.15.2006, 20:43:51 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 TR/Proxy.Horst.Gen
Authentium 4.93.8 12.15.2006 W32/Methodbod.gen2
Avast 4.7.892.0 12.15.2006 no virus found
AVG 386 12.15.2006 no virus found
BitDefender 7.2 12.15.2006 DeepScan:Generic.Horst.A3A0D00F
CAT-QuickHeal 8.00 12.15.2006 no virus found
ClamAV devel-20060426 12.15.2006 Trojan.Medbot-98
DrWeb 4.33 12.15.2006 no virus found
eSafe 7.0.14.0 12.14.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.86 12.15.2006 no virus found
eTrust-Vet 30.3.3252 12.15.2006 Win32/Boxed!generic
Ewido 4.0 12.15.2006 no virus found
Fortinet 2.82.0.0 12.15.2006 no virus found
F-Prot 3.16f 12.15.2006 W32/Methodbod.gen2
F-Prot4 4.2.1.29 12.14.2006 W32/Methodbod.gen2
Ikarus T3.1.0.26 12.15.2006 Trojan-Proxy.Win32.Horst.py
Kaspersky 4.0.2.24 12.15.2006 no virus found
McAfee 4920 12.15.2006 BackDoor-CMQ.gen
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 W32/Horst.gen14
Panda 9.0.0.4 12.15.2006 Suspicious file
Sophos 4.12.0 12.14.2006 Mal/Behav-080
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.132 12.14.2006 Trojan/Horst.gen
UNA 1.83 12.15.2006 I-Worm.Warezov.ex
VBA32 3.11.1 12.14.2006 MalwareScope.Trojan-Proxy.Horst.1
VirusBuster 4.3.19:9 12.15.2006 no virus found
Aditional Information
File size: 42496 bytes
MD5: 0e899957e8f650914e2a19ef53426e55
SHA1: 22bc6ca7ffd47d9618e110bc705c9e6b1cca998e
packers: UPX
-
Winsent
Well, everything seems clear with Medbot, just as with zlob.
Some analysts don't want to track it; they probably have their motives or problems.
-
VirusTotal at 12.18.2006, 14:01:00 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.18.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.17.2006 no virus found
BitDefender 7.2 12.18.2006 Dropped:Generic.Malware.SD.9AEF6365
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.18.2006 no virus found
DrWeb 4.33 12.18.2006 Win32.HLLW.Grizzlie
eSafe 7.0.14.0 12.17.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.18.2006 no virus found
Fortinet 2.82.0.0 12.18.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.27 12.18.2006 no virus found
Kaspersky 4.0.2.24 12.18.2006 Worm.Win32.RussoTuristo.b
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1925 12.18.2006 no virus found
Norman 5.80.02 12.18.2006 W32/NetworkWorm
Panda 9.0.0.4 12.17.2006 W32/BlackHole.AM.worm
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.18.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.134 12.18.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.18.2006 no virus found
VirusBuster 4.3.19:9 12.17.2006 Worm.RussoTuristo.A
Aditional Information
File size: 53326 bytes
MD5: 7e1b628897f8e03a035266dad1f13ebe
SHA1: 5ac15a78826a31ca4dfbde670eddc090b0747cb7
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 53326 bytes.
[ Changes to filesystem ]
* Creates file N:.._____ _____.exe.
[ Spreading through LAN/WAN ]
* Worm spreading over a network connection.
-
Complete scanning result of "vbsys2._dll", received in VirusTotal at 12.18.2006, 14:58:12 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.18.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.17.2006 no virus found
BitDefender 7.2 12.18.2006 no virus found
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.18.2006 no virus found
DrWeb 4.33 12.18.2006 no virus found
eSafe 7.0.14.0 12.17.2006 no virus found
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 Win32/Pomelo!generic
Ewido 4.0 12.18.2006 no virus found
Fortinet 2.82.0.0 12.18.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.27 12.18.2006 Trojan-Clicker.Win32.Agent.ac
Kaspersky 4.0.2.24 12.18.2006 Trojan-Clicker.Win32.Agent.ac
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1925 12.18.2006 no virus found
Norman 5.80.02 12.18.2006 no virus found
Panda 9.0.0.4 12.17.2006 Suspicious file
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.18.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.134 12.18.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.18.2006 suspected of Malware.Agent.19
VirusBuster 4.3.19:9 12.18.2006 no virus found
Aditional Information
File size: 90112 bytes
MD5: 66f53ba90bcc3e43a323317711ae48b9
SHA1: 95893014ea2dfa3c09817be8a3aa5ce0c1fdc477
The worst foe lies within the self...
-
-
AntiVir 7.3.0.19 12.18.2006 TR/LipGame.BM.1
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 Win32: Lipgame
AVG 386 12.18.2006 Generic2.MCB
BitDefender 7.2 12.18.2006 no virus found
CAT-QuickHeal 8.00 12.17.2006 no virus found
ClamAV devel-20060426 12.18.2006 Dialer-741
DrWeb 4.33 12.18.2006 no virus found
eSafe 7.0.14.0 12.17.2006 no virus found
eTrust-InoculateIT 23.73.88 12.18.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.18.2006 no virus found
Fortinet 2.82.0.0 12.18.2006 W32/LipGame.BM!tr
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.27 12.18.2006 no virus found
Kaspersky 4.0.2.24 12.18.2006 Trojan.Win32.LipGame.bm
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1925 12.18.2006 Win32/LipGame
Norman 5.80.02 12.18.2006 no virus found
Panda 9.0.0.4 12.17.2006 no virus found
Prevx1 V2 12.18.2006 no virus found
Sophos 4.12.0 12.18.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.134 12.18.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.18.2006 suspected of Malware.Agent.19
VirusBuster 4.3.19:9 12.18.2006 no virus found
Aditional Information
File size: 53248 bytes
MD5: afc46df47e398d0b0bc4acdbd4ef94d4
SHA1: bd6df84399f0ff74a291c552b3bdcd4ba5d3b38f
Last edited by Kuzz; 18.12.2006 at 17:28.
-
-
Complete scanning result of "Telekom-Rechnung.pdf.exe", received in VirusTotal at 12.19.2006, 21:24:50 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.19.2006 TR/Dldr.EbayBill.L
Authentium 4.93.8 12.19.2006 W32/Downloader.gen2
Avast 4.7.892.0 12.19.2006 Win32:Nurech
AVG 386 12.19.2006 Downloader.Generic2.TTV
BitDefender 7.2 12.19.2006 Trojan.Downloader.Nurech.G
CAT-QuickHeal 8.00 12.19.2006 no virus found
ClamAV devel-20060426 12.19.2006 Trojan.Small-373
DrWeb 4.33 12.19.2006 no virus found
eSafe 7.0.14.0 12.19.2006 no virus found
eTrust-InoculateIT 23.73.89 12.19.2006 Win32/SillyDL.3ev!Trojan
eTrust-Vet 30.3.3262 12.19.2006 Win32/DlWreck.AW
Ewido 4.0 12.19.2006 Downloader.Nurech.g
Fortinet 2.82.0.0 12.19.2006 W32/Yabe.W!tr.dldr
F-Prot 3.16f 12.15.2006 W32/Downloader.gen2
F-Prot4 4.2.1.29 12.19.2006 W32/Downloader.gen2
Ikarus T3.1.0.27 12.19.2006 Trojan-Downloader.Win32.Nurech.g
Kaspersky 4.0.2.24 12.19.2006 Trojan-Downloader.Win32.Nurech.g
McAfee 4922 12.19.2006 Downloader-AAP
Microsoft 1.1904 12.19.2006 TrojanDownloader:Win32/Agent.ET
NOD32v2 1928 12.19.2006 Win32/TrojanDownloader.Agent.UF
Norman 5.80.02 12.19.2006 W32/DLoader.BCTW
Panda 9.0.0.4 12.19.2006 Trj/Cimuz.BE
Prevx1 V2 12.19.2006 no virus found
Sophos 4.12.0 12.18.2006 Troj/Clagger-AG
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.134 12.18.2006 Trojan/Downloader.Nurech.g
UNA 1.83 12.19.2006 TrojanDownloader.Win32.Nurech.C43F
VBA32 3.11.1 12.19.2006 Trojan-Downloader.Win32.Nurech.g
VirusBuster 4.3.19:9 12.19.2006 Trojan.DL.Nurech.H
That's how badly DrWeb blew it... This old trojan, which was mass-mailed across Germany again today, will soon, I think, be detected even by the "Kalinin antivirus"...
-
Complete scanning result of "setup.exe", received in VirusTotal at 12.20.2006, 17:11:52 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.20.2006 TR/Proxy.Horst.Gen
Authentium 4.93.8 12.20.2006 no virus found
Avast 4.7.892.0 12.20.2006 no virus found
AVG 386 12.19.2006 no virus found
BitDefender 7.2 12.20.2006 DeepScan:Generic.Horst.86744D0E
CAT-QuickHeal 8.00 12.20.2006 no virus found
ClamAV devel-20060426 12.20.2006 no virus found
DrWeb 4.33 12.20.2006 no virus found
eSafe 7.0.14.0 12.19.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.91 12.20.2006 no virus found
eTrust-Vet 30.3.3264 12.20.2006 no virus found
Ewido 4.0 12.20.2006 no virus found
Fortinet 2.82.0.0 12.20.2006 no virus found
F-Prot 3.16f 12.20.2006 no virus found
F-Prot4 4.2.1.29 12.20.2006 no virus found
Ikarus T3.1.0.27 12.20.2006 no virus found
Kaspersky 4.0.2.24 12.20.2006 Trojan-Proxy.Win32.Horst.te
McAfee 4922 12.19.2006 BackDoor-CMQ.gen
Microsoft 1.1904 12.20.2006 no virus found
NOD32v2 1931 12.20.2006 no virus found
Norman 5.80.02 12.20.2006 W32/Malware
Panda 9.0.0.4 12.19.2006 Suspicious file
Prevx1 V2 12.20.2006 no virus found
Sophos 4.12.0 12.18.2006 Mal/Behav-080
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.19.2006 no virus found
VBA32 3.11.1 12.20.2006 MalwareScope.Trojan-Proxy.Horst.1
VirusBuster 4.3.19:9 12.20.2006 no virus found
Aditional Information
File size: 49664 bytes
MD5: 7653755c2c370f2f9e8ec0b59d7de106
SHA1: 9ea051fa7c8dfcd7163afd3b2a2da4d229a03c6a
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 49664 bytes.
[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.
-
Complete scanning result of "output.exe", received in VirusTotal at 12.20.2006, 22:09:52 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.20.2006 DR/Delphi.Gen
Authentium 4.93.8 12.20.2006 no virus found
Avast 4.7.892.0 12.20.2006 no virus found
AVG 386 12.20.2006 no virus found
BitDefender 7.2 12.20.2006 no virus found
CAT-QuickHeal 8.00 12.20.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.20.2006 Trojan.Delf-293
DrWeb 4.33 12.20.2006 no virus found
eSafe 7.0.14.0 12.19.2006 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.91 12.20.2006 no virus found
eTrust-Vet 30.3.3264 12.20.2006 no virus found
Ewido 4.0 12.20.2006 no virus found
Fortinet 2.82.0.0 12.20.2006 suspicious
F-Prot 3.16f 12.20.2006 no virus found
F-Prot4 4.2.1.29 12.20.2006 no virus found
Ikarus T3.1.0.27 12.20.2006 no virus found
Kaspersky 4.0.2.24 12.20.2006 no virus found
McAfee 4923 12.20.2006 no virus found
Microsoft 1.1904 12.20.2006 no virus found
NOD32v2 1931 12.20.2006 no virus found
Norman 5.80.02 12.20.2006 Suspicious_F.gen
Panda 9.0.0.4 12.20.2006 Suspicious file
Prevx1 V2 12.20.2006 no virus found
Sophos 4.12.0 12.18.2006 Troj/Deldo-Gen
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.20.2006 no virus found
VBA32 3.11.1 12.20.2006 MalwareScope.Trojan-Spy.BZub.1
VirusBuster 4.3.19:9 12.20.2006 novirus:Packed/FSG
Aditional Information
File size: 41498 bytes
MD5: 3426e99aad0ea528feb8d2bd55684930
SHA1: 7a7298c15d0f97d993f504cb1624d9dd7295153b
packers: FSG
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
-
This just arrived by e-mail:
Complete scanning result of "msg.ApKpfw", received in VirusTotal at 12.21.2006, 14:40:03 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.21.2006 no virus found
Authentium 4.93.8 12.21.2006 W32/Downloader.gen10
Avast 4.7.892.0 12.21.2006 Win32:Small-CFJ
AVG 386 12.20.2006 no virus found
BitDefender 7.2 12.21.2006 no virus found
CAT-QuickHeal 8.00 12.20.2006 no virus found
ClamAV devel-20060426 12.21.2006 no virus found
DrWeb 4.33 12.21.2006 no virus found
eSafe 7.0.14.0 12.19.2006 no virus found
eTrust-InoculateIT 23.73.93 12.21.2006 no virus found
eTrust-Vet 30.3.3268 12.21.2006 no virus found
Ewido 4.0 12.21.2006 no virus found
Fortinet 2.82.0.0 12.21.2006 suspicious
F-Prot 3.16f 12.21.2006 W32/Downloader.gen10
F-Prot4 4.2.1.29 12.21.2006 W32/Downloader.gen10
Ikarus T3.1.0.27 12.21.2006 no virus found
Kaspersky 4.0.2.24 12.21.2006 no virus found
McAfee 4923 12.20.2006 no virus found
Microsoft 1.1904 12.21.2006 no virus found
NOD32v2 1932 12.20.2006 no virus found
Norman 5.80.02 12.20.2006 Suspicious_F.gen
Panda 9.0.0.4 12.21.2006 Suspicious file
Prevx1 V2 12.21.2006 no virus found
Sophos 4.12.0 12.21.2006 Mal/Packer
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.20.2006 no virus found
VBA32 3.11.1 12.20.2006 suspected of Downloader.Harnig.39
VirusBuster 4.3.19:9 12.21.2006 novirus:Packed/FSG
Aditional Information
File size: 10645 bytes
MD5: c0b6b8d350f718b63afdb9c329d754d2
SHA1: 3b1f7f0f16319fcb4ba8b55ec162fe6a3a858200
packers: FSG
-
Complete scanning result of "document1_zip_sfx.exe", received in VirusTotal at 12.21.2006, 17:58:13 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.19 12.21.2006 no virus found
Authentium 4.93.8 12.21.2006 no virus found
Avast 4.7.892.0 12.21.2006 Win32:Delf-CAT
AVG 386 12.20.2006 no virus found
BitDefender 7.2 12.21.2006 no virus found
CAT-QuickHeal 8.00 12.21.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 12.21.2006 no virus found
DrWeb 4.33 12.21.2006 no virus found
eSafe 7.0.14.0 12.21.2006 no virus found
eTrust-InoculateIT 23.73.93 12.21.2006 no virus found
eTrust-Vet 30.3.3268 12.21.2006 no virus found
Ewido 4.0 12.21.2006 no virus found
Fortinet 2.82.0.0 12.21.2006 no virus found
F-Prot 3.16f 12.21.2006 no virus found
F-Prot4 4.2.1.29 12.21.2006 no virus found
Ikarus T3.1.0.27 12.21.2006 Trojan-PSW.Win32.LdPinch.FI
Kaspersky 4.0.2.24 12.21.2006 no virus found
McAfee 4923 12.20.2006 no virus found
Microsoft 1.1904 12.21.2006 no virus found
NOD32v2 1933 12.21.2006 no virus found
Norman 5.80.02 12.21.2006 no virus found
Panda 9.0.0.4 12.21.2006 Suspicious file
Prevx1 V2 12.21.2006 no virus found
Sophos 4.12.0 12.21.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 VIPRE.Suspicious
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.20.2006 no virus found
VBA32 3.11.1 12.20.2006 MalwareScope.Trojan-PSW.Pinch.2
VirusBuster 4.3.19:9 12.21.2006 no virus found
Aditional Information
File size: 49519 bytes
MD5: 052bb19f357ef961b89f0cae3ff61b22
SHA1: 91d2b1f347520af1afa90084b211d136f924c669
packers: UPX
packers: PECRYPT, UPX, BINARYRES
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
It turned out not to be Pinch at all, but Net-Worm.Win32.Agent.b according to KAV.
Last edited by Winsent; 22.12.2006 at 05:07.