Маленькое исследование антивирусов

[Geser]

Ещё интересные результаты:

Упаковка Stealth PE

File: hxdef100.exe
Status: INFECTED/MALWARE
Packers detected: PE_PATCH

AntiVir BDS/Hacdef.084 (1.25 seconds taken)
Avast No viruses found (4.60 seconds taken)
BitDefender No viruses found (2.80 seconds taken)
ClamAV Trojan.Hackdef.084-prog (2.91 seconds taken)
Dr.Web BackDoor.HackDef.84 (6.86 seconds taken)
F-Prot Antivirus No viruses found (0.38 seconds taken)
Kaspersky Anti-Virus Backdoor.HacDef.084 (4.29 seconds taken)
mks_vir Trojan.Hacdef.084 (1.37 seconds taken)
NOD32 No viruses found (2.36 seconds taken)
Norman Virus Control No viruses found (4.01 seconds taken)

Даже если сделать как советует автор, иупаковать сначала UPX, а потом Hide PE, то:
File: hxdef100bak.exe
Status: INFECTED/MALWARE
Packers detected: None

AntiVir No viruses found (1.29 seconds taken)
Avast No viruses found (4.63 seconds taken)
BitDefender No viruses found (6.12 seconds taken)
ClamAV Trojan.Hackdef.084-prog (3.06 seconds taken)
Dr.Web BackDoor.HackDef.84 (4.88 seconds taken)
F-Prot Antivirus No viruses found (0.58 seconds taken)
Kaspersky Anti-Virus Backdoor.Win32.HacDef.084 (4.36 seconds taken)
mks_vir No viruses found (2.12 seconds taken)
NOD32 No viruses found (3.39 seconds taken)
Norman Virus Control No viruses found (7.94 seconds taken)

Паковщик, как видно не определяется, а вот троян определяется хорошими антивирусами

Теперь UPX, а потом Stealth PE

File: hxdef100.exe
Status: INFECTED/MALWARE
Packers detected: PE_PATCH

AntiVir No viruses found (1.97 seconds taken)
Avast No viruses found (4.60 seconds taken)
BitDefender No viruses found (4.05 seconds taken)
ClamAV No viruses found (3.00 seconds taken)
Dr.Web BackDoor.HackDef.84 (4.80 seconds taken)
F-Prot Antivirus No viruses found (0.64 seconds taken)
Kaspersky Anti-Virus Backdoor.Win32.HacDef.084 (4.87 seconds taken)
mks_vir No viruses found (2.20 seconds taken)
NOD32 No viruses found (3.05 seconds taken)
Norman Virus Control No viruses found (10.24 seconds taken)

Такие вот дела

[Geser]

Вот ещё о скорости реакции антивирусных фирм. 2 дня назад запостил на Вирустотал троянчик. А они, как известно, разсылают новые вирусы антивирусным фирмам. Сегорня проверил кто уже детектит его:

Antivirus Version Update Result
BitDefender 7.0 11.13.2004 Backdoor.Small.BQ
ClamWin devel-20041018 11.11.2004 -
eTrust-Iris 7.1.194.0 11.13.2004 -
F-Prot 3.15b 11.12.2004 -
Kaspersky 4.0.2.24 11.13.2004 Backdoor.Win32.Small.bq
NOD32v2 1.922 11.12.2004 Win32/Small.BQ
Norman 5.70.10 11.12.2004 -
Panda 7.02.00 11.13.2004 -
Sybari 7.5.1314 11.13.2004 Backdoor.Win32.Small.bq
Symantec 8.0 11.12.2004 W32.Scard

Norman, Panda, ClamWin, eTrust-Iris, F-Prot так и не добавили дроян в базы.

[Geser]

Results of a file scan
This is the report of the scanning done over "qwe4820.dll" file that VirusTotal processed on 11/27/2004 at 10:56:08.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Backdoor.Agent.EH
ClamWin devel-20041018 11.26.2004 -
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 -
Kaspersky 4.0.2.24 11.27.2004 Backdoor.Win32.Agent.eh
NOD32v2 1.935 11.26.2004 Win32/Agent.EH
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 Bck/Agent.BU
Sybari 7.5.1314 11.27.2004 Backdoor.Win32.Agent.eh
Symantec 8.0 11.26.2004 -



Results of a file scan
This is the report of the scanning done over "SCardSer.exe" file that VirusTotal processed on 11/27/2004 at 10:57:16.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Backdoor.Small.BQ
ClamWin devel-20041018 11.26.2004 -
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 security risk named W32/SillyTrojan.BA@bd
Kaspersky 4.0.2.24 11.27.2004 Backdoor.Win32.Small.bq
NOD32v2 1.935 11.26.2004 Win32/Small.BQ
Norman 5.70.10 11.25.2004 Golten.A
Panda 7.02.00 11.26.2004 Bck/Cudgy.A
Sybari 7.5.1314 11.27.2004 W32/Mofei-F
Symantec 8.0 11.26.2004 W32.Scard



Results of a file scan
This is the report of the scanning done over "3_1_._s" file that VirusTotal processed on 11/27/2004 at 12:12:02.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 JS.Trojan.Seeker.S
ClamWin devel-20041018 11.26.2004 Trojan.JS.Startpage.C
eTrust-Iris 7.1.194.0 11.27.2004 JScript/VMException.Exploit.Troj
F-Prot 3.15b 11.24.2004 JS/Seeker
Kaspersky 4.0.2.24 11.27.2004 Trojan.JS.Fav
NOD32v2 1.935 11.26.2004 -
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 -
Sybari 7.5.1314 11.27.2004 JS/IEstart.gen.c
Symantec 8.0 11.26.2004 JS.Exception.Exploit



Results of a file scan
This is the report of the scanning done over "5-2-145-58_1_._xe" file that VirusTotal processed on 11/27/2004 at 12:12:59.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Application.Dialer.Kirk
ClamWin devel-20041018 11.26.2004 Dialer-153
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 -
Kaspersky 4.0.2.24 11.27.2004 -
NOD32v2 1.935 11.26.2004 -
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 Dialer.Gen
Sybari 7.5.1314 11.27.2004 Dial/190-A
Symantec 8.0 11.26.2004 -



Results of a file scan
This is the report of the scanning done over "8MSO-Patch-0035.exe.safe" file that VirusTotal processed on 11/27/2004 at 12:14:30.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 -
ClamWin devel-20041018 11.26.2004 Lirva-B
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 W32/Lirva.D@mm
Kaspersky 4.0.2.24 11.27.2004 -
NOD32v2 1.935 11.26.2004 -
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 -
Sybari 7.5.1314 11.27.2004 -
Symantec 8.0 11.26.2004 -


Results of a file scan
This is the report of the scanning done over "38server.ex" file that VirusTotal processed on 11/27/2004 at 12:24:51.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Trojan.Downloader.Apher.Gen
ClamWin devel-20041018 11.26.2004 -
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 -
Kaspersky 4.0.2.24 11.27.2004 -
NOD32v2 1.935 11.26.2004 Win32/TrojanDownloader.Apher.070
Norman 5.70.10 11.25.2004 Slacke.A
Panda 7.02.00 11.26.2004 -
Sybari 7.5.1314 11.27.2004 Win32.DlFeer
Symantec 8.0 11.26.2004 -



Results of a file scan
This is the report of the scanning done over "actalert.ex" file that VirusTotal processed on 11/27/2004 at 12:30:44.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Trojan.Downloader.Dyfuca.CR
ClamWin devel-20041018 11.26.2004 Trojan.Dyfuca-17
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 security risk named W32/Dyfuca.AD@dl
Kaspersky 4.0.2.24 11.27.2004 TrojanDownloader.Win32.Dyfuca.cr
NOD32v2 1.935 11.26.2004 Win32/TrojanDownloader.Dyfica.CR
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 Spyware/Dyfuca
Sybari 7.5.1314 11.27.2004 Trojan.DL.Dyfuca.AS
Symantec 8.0 11.26.2004 -



Results of a file scan
This is the report of the scanning done over "actalert.ex" file that VirusTotal processed on 11/27/2004 at 12:30:44.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Trojan.Downloader.Dyfuca.CR
ClamWin devel-20041018 11.26.2004 Trojan.Dyfuca-17
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 security risk named W32/Dyfuca.AD@dl
Kaspersky 4.0.2.24 11.27.2004 TrojanDownloader.Win32.Dyfuca.cr
NOD32v2 1.935 11.26.2004 Win32/TrojanDownloader.Dyfica.CR
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 Spyware/Dyfuca
Sybari 7.5.1314 11.27.2004 Trojan.DL.Dyfuca.AS
Symantec 8.0 11.26.2004 -


Results of a file scan
This is the report of the scanning done over "conscorr.ex" file that VirusTotal processed on 11/27/2004 at 12:34:42.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Trojan.Downloader.Stubby.C
ClamWin devel-20041018 11.26.2004 Trojan.Stubby.113
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 security risk named W32/Stubby.B
Kaspersky 4.0.2.24 11.27.2004 TrojanDownloader.Win32.Stubby.c
NOD32v2 1.935 11.26.2004 Win32/TrojanDownloader.Stubby.C
Norman 5.70.10 11.25.2004 W32/Stubby.C
Panda 7.02.00 11.26.2004 Adware/IPInsight
Sybari 7.5.1314 11.27.2004 Trojan.DL.Stubby.B
Symantec 8.0 11.26.2004 -


Results of a file scan
This is the report of the scanning done over "dmstwe.ex" file that VirusTotal processed on 11/27/2004 at 12:37:22.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 -
ClamWin devel-20041018 11.26.2004 -
eTrust-Iris 7.1.194.0 11.27.2004 Win32/Cudgy.B.Trojan
F-Prot 3.15b 11.24.2004 -
Kaspersky 4.0.2.24 11.27.2004 Trojan-Downloader.Win32.Small.aao
NOD32v2 1.935 11.26.2004 -
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 -
Sybari 7.5.1314 11.27.2004 Win32/Cudgy.B.Trojan
Symantec 8.0 11.26.2004 W32.Scard


Results of a file scan
This is the report of the scanning done over "eplrr9.dll" file that VirusTotal processed on 11/27/2004 at 12:38:47.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Trojan.StartPage.OX
ClamWin devel-20041018 11.26.2004 -
eTrust-Iris 7.1.194.0 11.27.2004 Win32/StartPage.JZ.DLL.Trojan
F-Prot 3.15b 11.24.2004 security risk named W32/Startpage.FU
Kaspersky 4.0.2.24 11.27.2004 Trojan.Win32.StartPage.ox
NOD32v2 1.935 11.26.2004 -
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 -
Sybari 7.5.1314 11.27.2004 Win32.Startpage.JZ
Symantec 8.0 11.26.2004 Trojan.StartPage



Results of a file scan
This is the report of the scanning done over "FCPAGOFC.CPA" file that VirusTotal processed on 11/27/2004 at 12:39:48.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Win32.Hybris.plugin
ClamWin devel-20041018 11.26.2004 W95.Hybris.PI.000
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 security risk or a "backdoor" program
Kaspersky 4.0.2.24 11.27.2004 I-Worm.Hybris.plugin
NOD32v2 1.935 11.26.2004 Win32/Hybris.plugin
Norman 5.70.10 11.25.2004 Hybris.Plugin
Panda 7.02.00 11.26.2004 W32/Hybris.Plugin
Sybari 7.5.1314 11.27.2004 I-Worm.Hybris.plugin
Symantec 8.0 11.26.2004 W95.Hybris.Plugin



Results of a file scan
This is the report of the scanning done over "FOTORAR._XE" file that VirusTotal processed on 11/27/2004 at 12:41:41.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Backdoor.Death.26.C
ClamWin devel-20041018 11.26.2004 Exploit.JPEG.Comment.F0
eTrust-Iris 7.1.194.0 11.27.2004 Backdoor/Death Server family
F-Prot 3.15b 11.24.2004 -
Kaspersky 4.0.2.24 11.27.2004 Backdoor.Death.26.c
NOD32v2 1.935 11.26.2004 Win32/Death.26.C
Norman 5.70.10 11.25.2004 W32/Death.2_6C
Panda 7.02.00 11.26.2004 Bck/Death.26.C
Sybari 7.5.1314 11.27.2004 BackDoor-FP.svr
Symantec 8.0 11.26.2004 Backdoor.Death


Results of a file scan
This is the report of the scanning done over "gngb4ng.ex" file that VirusTotal processed on 11/27/2004 at 12:43:54.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Trojan.Dropper.Small.GT
ClamWin devel-20041018 11.26.2004 Trojan.Dropper.Small-8
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 dropper for W32/Rameh.D@dl
Kaspersky 4.0.2.24 11.27.2004 TrojanDropper.Win32.Small.gt
NOD32v2 1.935 11.26.2004 Win32/TrojanDropper.Small.GT
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 Adware/NetPals
Sybari 7.5.1314 11.27.2004 TrojanDropper.Win32.Small.gt
Symantec 8.0 11.26.2004 -



This is the report of the scanning done over "hot_pleasure._xe" file that VirusTotal processed on 11/27/2004 at 12:51:39.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Dialer.PornDialer.AJ
ClamWin devel-20041018 11.26.2004 -
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 -
Kaspersky 4.0.2.24 11.27.2004 -
NOD32v2 1.935 11.26.2004 -
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 Dialer.Gen
Sybari 7.5.1314 11.27.2004 Dial/SiteIcon-A
Symantec 8.0 11.26.2004 -



This is the report of the scanning done over "iinstall.ex" file that VirusTotal processed on 11/27/2004 at 12:53:08.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Trojan.Downloader.ISTbar.ST
ClamWin devel-20041018 11.26.2004 Trojan.Downloader.Istbar-47
eTrust-Iris 7.1.194.0 11.27.2004 Win32/IstBar.Downloader.Trojan
F-Prot 3.15b 11.24.2004 security risk named W32/Istbar.BC@dl
Kaspersky 4.0.2.24 11.27.2004 TrojanDownloader.Win32.IstBar.gen
NOD32v2 1.935 11.26.2004 Win32/TrojanDownloader.IstBar.NAN
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 Spyware/ISTbar
Sybari 7.5.1314 11.27.2004 Trojan.DL.IstBar.BJ1
Symantec 8.0 11.26.2004 -


This is the report of the scanning done over "JELMBLJE.ELM" file that VirusTotal processed on 11/27/2004 at 12:55:54.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 I_Worm.Hybris.A.Plugin
ClamWin devel-20041018 11.26.2004 W95.Hybris.PI.001
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 security risk or a "backdoor" program
Kaspersky 4.0.2.24 11.27.2004 I-Worm.Hybris.plugin
NOD32v2 1.935 11.26.2004 Win32/Hybris.plugin
Norman 5.70.10 11.25.2004 Hybris.Plugin
Panda 7.02.00 11.26.2004 W32/Hybris.Plugin
Sybari 7.5.1314 11.27.2004 Hybris.Plugi
Symantec 8.0 11.26.2004 W95.Hybris.Plugin



Results of a file scan
This is the report of the scanning done over "keygen._xe" file that VirusTotal processed on 11/27/2004 at 12:59:21.
Antivirus Version Update Result
BitDefender 7.0 11.26.2004 Backdoor.Delf.SL
ClamWin devel-20041018 11.26.2004 Exploit.JPEG.Comment.F0
eTrust-Iris 7.1.194.0 11.27.2004 -
F-Prot 3.15b 11.24.2004 -
Kaspersky 4.0.2.24 11.27.2004 Backdoor.Win32.Delf.sl
NOD32v2 1.935 11.26.2004 probably unknown NewHeur_PE
Norman 5.70.10 11.25.2004 -
Panda 7.02.00 11.26.2004 -
Sybari 7.5.1314 11.27.2004 Backdoor.Win32.Delf.sl
Symantec 8.0 11.26.2004 Backdoor.Trojan

[maXmo]

на вирустотале каспер без дополнительных баз, а кое-каких зверей он именно туда пихает.

[Alexey P.]

на вирустотале каспер без дополнительных баз, а кое-каких зверей он именно туда пихает.

Да, как раз порнозвонилки, которые в этом тесте не обнаружены, имхо, у него в расширенных.

[Geser]

Сважие примеры.
Проверка 4 файлов выловленных на компе

This is the report of the scanning done over "qrvgczjo.exe" file that VirusTotal processed on 12/11/2004 at 12:08:28.
Antivirus Version Update Result
AntiVir 6.29.0.4 12.10.2004 -
BitDefender 7.0 12.11.2004 -
ClamWin devel-20041205 12.10.2004 -
DrWeb 4.32b 12.11.2004 -
eTrust-Iris 7.1.194.0 12.11.2004 -
eTrust-Vet 11.7.0.0 12.10.2004 -
F-Prot 3.15b 12.10.2004 -
Kaspersky 4.0.2.24 12.11.2004 Trojan-Dropper.Win32.Small.nn
NOD32v2 1.945 12.11.2004 -
Norman 5.70.10 12.10.2004 -
Panda 7.02.00 12.10.2004 Trj/Dropper.AG
Sybari 7.5.1314 12.11.2004 Trojan-Dropper.Win32.Small.nn
Symantec 8.0 12.10.2004 -



Results of a file scan
This is the report of the scanning done over "eplrr3.dll" file that VirusTotal processed on 12/11/2004 at 12:10:11.
Antivirus Version Update Result
AntiVir 6.29.0.4 12.10.2004 TR/Proxy.Small.AH.1
BitDefender 7.0 12.11.2004 Trojan.Proxy.Small.AH
ClamWin devel-20041205 12.10.2004 -
DrWeb 4.32b 12.11.2004 Trojan.Proxy.140
eTrust-Iris 7.1.194.0 12.11.2004 -
eTrust-Vet 11.7.0.0 12.10.2004 -
F-Prot 3.15b 12.10.2004 security risk named W32/ProxyAgent.N
Kaspersky 4.0.2.24 12.11.2004 Trojan-Proxy.Win32.Small.ah
NOD32v2 1.945 12.11.2004 -
Norman 5.70.10 12.10.2004 -
Panda 7.02.00 12.10.2004 -
Sybari 7.5.1314 12.11.2004 Trojan-Proxy.Win32.Small.ah
Symantec 8.0 12.10.2004 -


Results of a file scan
This is the report of the scanning done over "ntosv.dll" file that VirusTotal processed on 12/11/2004 at 12:12:18.
Antivirus Version Update Result
AntiVir 6.29.0.4 12.10.2004 TR/Drop.Small.NN.1
BitDefender 7.0 12.11.2004 -
ClamWin devel-20041205 12.10.2004 -
DrWeb 4.32b 12.11.2004 -
eTrust-Iris 7.1.194.0 12.11.2004 -
eTrust-Vet 11.7.0.0 12.10.2004 -
F-Prot 3.15b 12.10.2004 -
Kaspersky 4.0.2.24 12.11.2004 -
NOD32v2 1.945 12.11.2004 -
Norman 5.70.10 12.10.2004 -
Panda 7.02.00 12.10.2004 -
Sybari 7.5.1314 12.11.2004 -
Symantec 8.0 12.10.2004 -


Results of a file scan
This is the report of the scanning done over "cmd32._xe" file that VirusTotal processed on 12/11/2004 at 12:17:16.
Antivirus Version Update Result
AntiVir 6.29.0.4 12.10.2004 TR/Dldr.Delf.CB
BitDefender 7.0 12.11.2004 BehavesLike:Trojan.Downloader
ClamWin devel-20041205 12.10.2004 -
DrWeb 4.32b 12.11.2004 Trojan.DownLoader.970
eTrust-Iris 7.1.194.0 12.11.2004 -
eTrust-Vet 11.7.0.0 12.10.2004 -
F-Prot 3.15b 12.10.2004 -
Kaspersky 4.0.2.24 12.11.2004 Trojan-Downloader.Win32.Agent.fm
NOD32v2 1.945 12.11.2004 Win32/TrojanDownloader.Small.PL
Norman 5.70.10 12.10.2004 W32/Downloader
Panda 7.02.00 12.10.2004 -
Sybari 7.5.1314 12.11.2004 W32/Downloade
Symantec 8.0 12.10.2004 -



Как видно Symantec 8.0 и eTrust не поймали вообще ничего, т.е. худший из возможных результатов. КАспер дал лучший результат, 3 из 4.

[Geser]

Только что выловил свежий троян Trojan-Dropper

This is the report of the scanning done over "x.chm" file that VirusTotal processed on 12/17/2004 at 16:41:39.
Antivirus Version Update Result
AntiVir 6.29.0.5 12.17.2004 -
BitDefender 7.0 12.17.2004 Exploit.Html.Codebase.Exec.Gen
ClamWin devel-20041205 12.17.2004 -
DrWeb 4.32b 12.17.2004 -
eTrust-Iris 7.1.194.0 12.17.2004 -
eTrust-Vet 11.7.0.0 12.17.2004 -
F-Prot 3.15b 12.17.2004 -
Kaspersky 4.0.2.24 12.17.2004 Trojan-Dropper.Win32.Small.oo
NOD32v2 1.951 12.17.2004 -
Norman 5.70.10 12.16.2004 -
Panda 7.02.00 12.17.2004 -
Sybari 7.5.1314 12.17.2004 Trojan-Dropper.Win32.Small.oo
Symantec 8.0 12.16.2004 -

[Geser]

Проверка последних 3 выловленных зверей:
Service load: 0% 100%

File: eplrr3.#ll
Status: INFECTED/MALWARE
Packers detected: None

AntiVir TR/Proxy.Small.AH.1 (0.14 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender Trojan.Proxy.Corpse.A (0.34 seconds taken)
ClamAV No viruses found (0.41 seconds taken)
Dr.Web Trojan.Proxy.164 (0.53 seconds taken)
F-Prot Antivirus No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus Trojan-Proxy.Win32.Small.ah (0.64 seconds taken)
mks_vir Trojan.Proxy.Small.Ah.Gen (0.20 seconds taken)
NOD32 Win32/TrojanProxy.Small.NAA (0.37 seconds taken)
Norman Virus Control No viruses found (0.45 seconds taken)

File: ibs.#xe
Status: INFECTED/MALWARE
Packers detected: UPX

AntiVir No viruses found (0.15 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender Trojan.HideDial.B (0.35 seconds taken)
ClamAV No viruses found (0.40 seconds taken)
Dr.Web Trojan.DownLoader.1360 (0.53 seconds taken)
F-Prot Antivirus No viruses found (0.08 seconds taken)
Kaspersky Anti-Virus not-a-virusorn-Downloader.Win32.TibSystems (0.66 seconds taken)
mks_vir No viruses found (0.26 seconds taken)
NOD32 probably unknown NewHeur_PE (probable variant) (0.47 seconds taken)

File: winhost.exe
Status: INFECTED/MALWARE
Packers detected: UPX

AntiVir No viruses found (0.43 seconds taken)
Avast No viruses found (3.01 seconds taken)
BitDefender No viruses found (1.14 seconds taken)
ClamAV No viruses found (0.45 seconds taken)
Dr.Web No viruses found (0.59 seconds taken)
F-Prot Antivirus No viruses found (0.10 seconds taken)
Kaspersky Anti-Virus Trojan.Win32.Delf.hf (0.76 seconds taken)
mks_vir No viruses found (0.40 seconds taken)
NOD32 No viruses found (0.76 seconds taken)
Norman Virus Control No viruses found (1.97 seconds taken)

[Geser]

This is the report of the scanning done over "__1064" file that VirusTotal processed on 01/12/2005 at 21:06:24.
Antivirus Version Update Result
AntiVir 6.29.0.5 01.12.2005 -
BitDefender 7.0 01.12.2005 BehavesLike:Trojan.ShellReg
ClamAV devel-20041205 01.11.2005 -
DrWeb 4.32b 01.12.2005 Win32.RAHack
eTrust-Iris 7.1.194.0 01.12.2005 -
eTrust-Vet 11.7.0.0 01.12.2005 -
F-Prot 3.16a 01.12.2005 could be infected with an unknown virus
Kaspersky 4.0.2.24 01.12.2005 Backdoor.Win32.Agent.go
NOD32v2 1.969 01.12.2005 Win32/Agent.GO
Norman 5.70.10 01.11.2005 W32/RAdmin.2_0B
Panda 8.02.00 01.12.2005 -
Sybari 7.5.1314 01.12.2005 Backdoor.Win32.Agent.go
Symantec 8.0 01.12.2005 -

[Geser]

This is the report of the scanning done over "__1055" file that VirusTotal processed on 01/12/2005 at 21:12:09.
Antivirus Version Update Result
AntiVir 6.29.0.5 01.12.2005 -
BitDefender 7.0 01.12.2005 Dialer.ZZ
ClamAV devel-20041205 01.11.2005 Trojan.Downloader.Small-216
DrWeb 4.32b 01.12.2005 Trojan.DownLoader.1412
eTrust-Iris 7.1.194.0 01.12.2005 -
eTrust-Vet 11.7.0.0 01.12.2005 -
F-Prot 3.16a 01.12.2005 -
Kaspersky 4.0.2.24 01.12.2005 Trojan-Downloader.Win32.Small.agi
NOD32v2 1.969 01.12.2005 -
Norman 5.70.10 01.11.2005 -
Panda 8.02.00 01.12.2005 -
Sybari 7.5.1314 01.12.2005 Trojan-Downloader.Win32.Small.agi
Symantec 8.0 01.12.2005 -

[Geser]

This is the report of the scanning done over "CRSS.EX" file that VirusTotal processed on 01/15/2005 at 12:22:45.
Antivirus Version Update Result
AntiVir 6.29.0.7 01.14.2005 TR/PSW.LdPinch.is
AVG 718 01.14.2005 -
BitDefender 7.0 01.15.2005 -
ClamAV devel-20041205 01.14.2005 Trojan.LdPinch-19
DrWeb 4.32b 01.14.2005 BackDoor.Pinched
eTrust-Iris 7.1.194.0 01.15.2005 -
eTrust-Vet 11.7.0.0 01.14.2005 -
F-Prot 3.16a 01.14.2005 -
Kaspersky 4.0.2.24 01.15.2005 Trojan-PSW.Win32.LdPinch.is
NOD32v2 1.971 01.14.2005 probably unknown NewHeur_PE
Norman 5.70.10 01.14.2005 -
Panda 8.02.00 01.14.2005 Trj/LdPinch.BJ
Sybari 7.5.1314 01.15.2005 Trojan-PSW.Win32.PdPinch.gen
Symantec 8.0 01.14.2005 PWSteal.Ldpinch

Geser
А ты не мог бы проверить с использованием MKS_VIR, или выслать на меня - я проверю...

[Geser]

Geser
А ты не мог бы проверить с использованием MKS_VIR, или выслать на меня - я проверю...

В следующий раз постараюсь.

MKS_VIR можно вот тут проверять:
http://virusscan.jotti.dhs.org/

[Geser]

Только что поймал за хвост живого трояна. Скацак кряк к одной проге. Вот такая картина:
Results of a file scan
This is the report of the scanning done over "damn_tds-3320._xe" file that VirusTotal processed on 02/07/2005 at 19:19:47 (GMT+1).
Antivirus Version Update Result
AntiVir 6.29.0.11 02.07.2005 no virus found
AVG 718 02.07.2005 no virus found
BitDefender 7.0 02.07.2005 no virus found
ClamAV devel-20050130 02.04.2005 no virus found
DrWeb 4.32b 02.07.2005 Trojan.KillFiles.47557
eTrust-Iris 7.1.194.0 02.06.2005 no virus found
eTrust-Vet 11.7.0.0 02.07.2005 no virus found
F-Prot 3.16a 02.05.2005 no virus found
Kaspersky 4.0.2.24 02.07.2005 Trojan-Dropper.Win32.Small.sd
NOD32v2 1.992 02.05.2005 no virus found
Norman 5.70.10 02.03.2005 no virus found
Panda 8.02.00 02.07.2005 no virus found
Sybari 7.5.1314 02.07.2005 Trojan-Dropper.Win32.Small.sd
Symantec 8.0 02.06.2005 no virus found

Service load: 0% 100%

File: damn_tds-3320.#xe
Status: INFECTED/MALWARE
Packers detected: UPX, ASPACK, FSG

AntiVir No viruses found (0.25 seconds taken)
Avast Win32:Trojan-gen. (1.59 seconds taken)
AVG Antivirus No viruses found (3.61 seconds taken)
BitDefender No viruses found (0.74 seconds taken)
ClamAV No viruses found (0.42 seconds taken)
Dr.Web Trojan.KillFiles.47557 (0.57 seconds taken)
F-Prot Antivirus No viruses found (0.75 seconds taken)
Fortinet No viruses found (0.53 seconds taken)
Kaspersky Anti-Virus Trojan-Dropper.Win32.Small.sd (0.71 seconds taken)
mks_vir No viruses found (0.37 seconds taken)
NOD32 No viruses found (0.58 seconds taken)
Norman Virus Control No viruses found (1.56 seconds taken)

Кстати, ВБА его поределяет Похоже пора вносить ВБА в список рекомендуемых

Кстати, зашел на http://virusscan.jotti.dhs.org/ и увидел еще одну картину:

Scanner Malware name Time taken
AntiVir X 0.23 seconds
Avast X 1.51 seconds
AVG Antivirus X 0.84 seconds
BitDefender X 0.38 seconds
ClamAV X 0.42 seconds
Dr.Web BackDoor.HackDef.84 0.57 seconds
F-Prot Antivirus X 0.47 seconds
Fortinet X 0.43 seconds
Kaspersky Anti-Virus Backdoor.Win32.HacDef.084 0.73 seconds
mks_vir X 0.22 seconds
NOD32 X 0.52 seconds
Norman Virus Control X 1.06 seconds

Как говорится, думайте сами, решайте сами

[Geser]

Results of a file scan
This is the report of the scanning done over "ipreg32.dll" file that VirusTotal processed on 02/07/2005 at 20:14:04 (GMT+1).
Antivirus Version Update Result
AntiVir 6.29.0.11 02.07.2005 no virus found
AVG 718 02.07.2005 no virus found
BitDefender 7.0 02.07.2005 no virus found
ClamAV devel-20050130 02.04.2005 no virus found
DrWeb 4.32b 02.07.2005 no virus found
eTrust-Iris 7.1.194.0 02.06.2005 Win32/SillyDL.DQ!DLL!Trojan
eTrust-Vet 11.7.0.0 02.07.2005 Win32.SillyDl.DQ
F-Prot 3.16a 02.05.2005 no virus found
Kaspersky 4.0.2.24 02.07.2005 Trojan-Downloader.Win32.Domcom.b
NOD32v2 1.992 02.05.2005 Win32/TrojanDownloader.Domcom.A
Norman 5.70.10 02.03.2005 no virus found
Panda 8.02.00 02.07.2005 Spyware/Iehelp
Sybari 7.5.1314 02.07.2005 Downloader-TW
Symantec 8.0 02.06.2005 no virus found

[Andrey]

Ну и что? Не сегодня - завтра добавят.
В сети по 200-300 штук malware в день появляется, а AV конторы пока телепатов не держат .

[Geser]

Ну и что? Не сегодня - завтра добавят.
В сети по 200-300 штук malware в день появляется, а AV конторы пока телепатов не держат .

Так всё дело в том, кто быстрее работает
А некоторые и через месяц не добавят, не только завтра. Проверял и не только я.

[Geser]

Results of a file scan
This is the report of the scanning done over "hhnt._xe" file that VirusTotal processed on 02/08/2005 at 22:27:13 (GMT+1).
Antivirus Version Update Result
AntiVir 6.29.0.11 02.08.2005 TR/StartPage.of
AVG 718 02.07.2005 no virus found
BitDefender 7.0 02.08.2005 no virus found
ClamAV devel-20050130 02.08.2005 no virus found
DrWeb 4.32b 02.08.2005 Trojan.DownLoader.1340
eTrust-Iris 7.1.194.0 02.08.2005 no virus found
eTrust-Vet 11.7.0.0 02.08.2005 no virus found
Fortinet 2.51 02.08.2005 no virus found
F-Prot 3.16a 02.08.2005 no virus found
Kaspersky 4.0.2.24 02.08.2005 Trojan.Win32.Qhost.al
NOD32v2 1.993 02.07.2005 no virus found
Norman 5.70.10 02.07.2005 no virus found
Panda 8.02.00 02.08.2005 Trj/StartPage.OF
Sybari 7.5.1314 02.08.2005 Trojan.Qhost.I
Symantec 8.0 02.08.2005 no virus found

Results of a file scan
This is the report of the scanning done over "ysbactivex.dll" file that VirusTotal processed on 02/08/2005 at 22:29:51 (GMT+1).
Antivirus Version Update Result
AntiVir 6.29.0.11 02.08.2005 no virus found
AVG 718 02.07.2005 no virus found
BitDefender 7.0 02.08.2005 no virus found
ClamAV devel-20050130 02.08.2005 Trojan.Downloader.Istbar-59
DrWeb 4.32b 02.08.2005 no virus found
eTrust-Iris 7.1.194.0 02.08.2005 no virus found
eTrust-Vet 11.7.0.0 02.08.2005 no virus found
Fortinet 2.51 02.08.2005 no virus found
F-Prot 3.16a 02.08.2005 no virus found
Kaspersky 4.0.2.24 02.08.2005 Trojan-Downloader.Win32.IstBar.gz
NOD32v2 1.993 02.07.2005 no virus found
Norman 5.70.10 02.07.2005 no virus found
Panda 8.02.00 02.08.2005 Spyware/YourSiteBar
Sybari 7.5.1314 02.08.2005 Trojan-Downloader.Win32.IstBar.gz
Symantec 8.0 02.08.2005 no virus found


Results of a file scan
This is the report of the scanning done over "ppc.dll" file that VirusTotal processed on 02/08/2005 at 22:31:34 (GMT+1).
Antivirus Version Update Result
AntiVir 6.29.0.11 02.08.2005 TR/Click.Delf.BC
AVG 718 02.07.2005 no virus found
BitDefender 7.0 02.08.2005 Trojan.Clicker.Delf.BC
ClamAV devel-20050130 02.08.2005 no virus found
DrWeb 4.32b 02.08.2005 no virus found
eTrust-Iris 7.1.194.0 02.08.2005 no virus found
eTrust-Vet 11.7.0.0 02.08.2005 no virus found
Fortinet 2.51 02.08.2005 no virus found
F-Prot 3.16a 02.08.2005 no virus found
Kaspersky 4.0.2.24 02.08.2005 Trojan-Clicker.Win32.Delf.bc
NOD32v2 1.993 02.07.2005 no virus found
Norman 5.70.10 02.07.2005 no virus found
Panda 8.02.00 02.08.2005 no virus found
Sybari 7.5.1314 02.08.2005 Trojan-Clicker.Win32.Delf.bc
Symantec 8.0 02.08.2005 no virus found

[jack]

Интересный результат сканирования файла зараженного
Email-Worm.Win32.Bagle.pac после простого архивирования в WinRare. Symantec меня все больше и больше разочаровывает.

Antivirus Version Update Result
AntiVir 6.30.0.5 03.07.2005 no virus found
AVG 718 03.04.2005 I-Worm/Bagle.BX
BitDefender 7.0 03.06.2005 Win32.Bagle.BG@mm
ClamAV devel-20050130 03.06.2005 Worm.Bagle.BA-RAR
DrWeb 4.32b 03.07.2005 Win32.HLLM.Beagle.33792
eTrust-Iris 7.1.194.0 03.06.2005 no virus found
eTrust-Vet 11.7.0.0 03.07.2005 no virus found
Fortinet 2.51 03.05.2005 W32/Mitglieder.CD.gen-tr
F-Prot 3.16a 03.07.2005 security risk named W32/Mitglieder.gen
Ikarus 2.32 03.06.2005 no virus found
Kaspersky 4.0.2.24 03.07.2005 Email-Worm.Win32.Bagle.pac
NOD32v2 1.1019 03.06.2005 Win32/Bagle.BA
Norman 5.70.10 03.07.2005 no virus found
Panda 8.02.00 03.06.2005 Trj/Mitglieder.BO
Sybari 7.5.1314 03.07.2005 Win32.Glieder.S
Symantec 8.0 03.07.2005 no virus found