Исследование антивирусов 6

[zorro84]

Файл vfpqlp.txt получен 2008.09.18 16:06:09 (CET)
Результат: 12/36 (33.34%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.9.13.0 2008.09.18 -
AntiVir 7.8.1.34 2008.09.18 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2008.09.18 -
Avast 4.8.1195.0 2008.09.18 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.18 -
BitDefender 7.2 2008.09.18 -
CAT-QuickHeal 9.50 2008.09.17 Trojan.Autoit.dm
ClamAV 0.93.1 2008.09.18 -
DrWeb 4.44.0.09170 2008.09.18 -
eSafe 7.0.17.0 2008.09.17 Suspicious File
eTrust-Vet 31.6.6091 2008.09.16 -
Ewido 4.0 2008.09.18 -
F-Prot 4.4.4.56 2008.09.18 -
F-Secure 8.0.14332.0 2008.09.18 Trojan.Win32.Autoit.dm
Fortinet 3.113.0.0 2008.09.18 W32/Agent.DF!tr
GData 19 2008.09.18 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.09.18 Trojan.Win32.Autoit.dt
K7AntiVirus 7.10.461 2008.09.18 -
Kaspersky 7.0.0.125 2008.09.18 Trojan.Win32.Autoit.dm
McAfee 5386 2008.09.17 -
Microsoft 1.3903 2008.09.18 -
NOD32v2 3452 2008.09.18 -
Norman 5.80.02 2008.09.17 -
Panda 9.0.0.4 2008.09.18 -
PCTools 4.4.2.0 2008.09.18 -
Prevx1 V2 2008.09.18 Cloaked Malware
Rising 20.62.32.00 2008.09.18 -
Sophos 4.33.0 2008.09.18 -
Sunbelt 3.1.1645.1 2008.09.17 -
Symantec 10 2008.09.18 -
TheHacker 6.3.0.9.086 2008.09.18 -
TrendMicro 8.700.0.1004 2008.09.18 WORM_AUTORUN.AB
VBA32 3.12.8.5 2008.09.17 -
ViRobot 2008.9.18.1381 2008.09.18 -
VirusBuster 4.5.11.0 2008.09.17 -
Webwasher-Gateway 6.6.2 2008.09.18 Trojan.Crypt.CFI.Gen

[Hanson]

Файл ntos.exe получен 2008.09.24 08:55:02 (CET)

Результат: 1/36 (2.78%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.9.23.1 2008.09.24 -
AntiVir 7.8.1.34 2008.09.23 -
Authentium 5.1.0.4 2008.09.23 -
Avast 4.8.1195.0 2008.09.23 -
AVG 8.0.0.161 2008.09.23 -
BitDefender 7.2 2008.09.24 -
CAT-QuickHeal 9.50 2008.09.24 -
ClamAV 0.93.1 2008.09.24 -
DrWeb 4.44.0.09170 2008.09.24 -
eSafe 7.0.17.0 2008.09.23 -
eTrust-Vet 31.6.6101 2008.09.23 -
Ewido 4.0 2008.09.23 -
F-Prot 4.4.4.56 2008.09.23 -
F-Secure 8.0.14332.0 2008.09.24 -
Fortinet 3.113.0.0 2008.09.23 -
GData 19 2008.09.24 -
Ikarus T3.1.1.34.0 2008.09.24 -
K7AntiVirus 7.10.469 2008.09.23 -
Kaspersky 7.0.0.125 2008.09.24 Trojan-Spy.Win32.Zbot.fae
McAfee 5390 2008.09.23 -
Microsoft 1.3903 2008.09.24 -
NOD32 3466 2008.09.24 -
Norman 5.80.02 2008.09.23 -
Panda 9.0.0.4 2008.09.23 -
PCTools 4.4.2.0 2008.09.23 -
Prevx1 V2 2008.09.24 -
Rising 20.63.21.00 2008.09.24 -
Sophos 4.33.0 2008.09.24 -
Sunbelt 3.1.1666.1 2008.09.24 -
Symantec 10 2008.09.24 -
TheHacker 6.3.0.9.092 2008.09.24 -
TrendMicro 8.700.0.1004 2008.09.23 -
VBA32 3.12.8.5 2008.09.23 -
ViRobot 2008.9.23.1389 2008.09.24 -
VirusBuster 4.5.11.0 2008.09.23 -
Webwasher-Gateway 6.6.2 2008.09.23 -

сеня ситуация лучше уже Результат: 10/36 (27.78%)


The file 'NTOS' has been determined to be 'MALWARE'. Our analysts named the threat TR/Spy.ZBot.fae.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version

авира ответила )))
а вот в НоДЕ предпочитают никогда неотвечать,
да и в базы они добавляют ОООЧЕНЬЬ долго

[strawser]

File sms_reader.exe received on 09.25.2008 12:52:41 (CET)
AhnLab-V3 2008.9.25.0 2008.09.25 Win-Trojan/Injector.45568.B
AntiVir 7.8.1.34 2008.09.25 -
Authentium 5.1.0.4 2008.09.24 W32/Backdoor2.CFAC
Avast 4.8.1195.0 2008.09.25 Win32elf-LAC
AVG 8.0.0.161 2008.09.25 BackDoor.Generic10.KAL
BitDefender 7.2 2008.09.25 Trojan.Delf.Inject.AX
CAT-QuickHeal 9.50 2008.09.25 Win32.Backdoor.Delf.kho.8
ClamAV 0.93.1 2008.09.25 Trojan.Buzus-1620
DrWeb 4.44.0.09170 2008.09.25 BackDoor.IRC.Sdbot.3840
eSafe 7.0.17.0 2008.09.24 -
eTrust-Vet 31.6.6105 2008.09.24 Win32/Bifrost.EZ
Ewido 4.0 2008.09.25 Backdoor.Delf.kho
F-Prot 4.4.4.56 2008.09.25 W32/Backdoor2.CFAC
F-Secure 8.0.14332.0 2008.09.25 Backdoor.Win32.Delf.kho
Fortinet 3.113.0.0 2008.09.25 W32/Delf.KHO!tr
GData 19 2008.09.25 Trojan.Delf.Inject.AX
Ikarus T3.1.1.34.0 2008.09.25 Trojan.Injector.AF
K7AntiVirus 7.10.470 2008.09.24 Backdoor.Win32.Delf.kho
Kaspersky 7.0.0.125 2008.09.25 Backdoor.Win32.Delf.kho
McAfee 5391 2008.09.24 MultiDropper-RY
Microsoft 1.3903 2008.09.25 VirTool:Win32/DelfInject.gen!N
NOD32 3470 2008.09.25 a variant of Win32/Injector.CL
Norman 5.80.02 2008.09.24 W32/Malware
Panda 9.0.0.4 2008.09.24 -
PCTools 4.4.2.0 2008.09.24 -
Prevx1 V2 2008.09.25 -
Rising 20.63.32.00 2008.09.25 Trojan.Win32.Buzus.nuy
Sophos 4.33.0 2008.09.25 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.25 -
TheHacker 6.3.0.9.093 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.25 -
VBA32 3.12.8.6 2008.09.25 Trojan.Win32.Buzus.oie
ViRobot 2008.9.25.1392 2008.09.25 Trojan.Win32.Buzus.58368
VirusBuster 4.5.11.0 2008.09.24 Backdoor.Delf.BGUE
Webwasher-Gateway 6.6.2 2008.09.25 -
Additional information
File size: 138752 bytes
MD5...: 9ef87d7687aeeac31347b559f545059b
SHA1..: d4d45fe3ecdf2c332fdb2040d95479125c88a684
SHA256: 228426565ddda774e344d9a91905503d6054d8e666c9f0004a 198b8861b94337
SHA512: 683fdb03a1617ecef5edbc269a70d213f296484e944ceaa96f f4b7e0781884e4
8d64c3823ad84532395205ef414ae22f194e3cfae3ce31020e 0af4d2795f3498
PEiD..: -

[Синауридзе Александр]

Файл trzF5F.tmp получен 2008.09.27 04:37:08 (CET)

AhnLab-V3 2008.9.25.0 2008.09.26 Win-Trojan/Hamweq.9728
AntiVir 7.8.1.34 2008.09.26 TR/Dropper.Gen
Authentium 5.1.0.4 2008.09.27 W32/Worm.XVU
Avast 4.8.1195.0 2008.09.26 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.26 Klone.W
BitDefender 7.2 2008.09.27 Backdoor.Hamweq.A
CAT-QuickHeal 9.50 2008.09.26 Trojan.Agent.gen
ClamAV 0.93.1 2008.09.27 Trojan.Kolabc.BFY
DrWeb 4.44.0.09170 2008.09.27 Win32.HLLW.Autoruner.2077
eSafe 7.0.17.0 2008.09.25 Suspicious File
eTrust-Vet 31.6.6111 2008.09.27 Win32/SillyAutorun.MW
Ewido 4.0 2008.09.26 Worm.AutoRun.eda
F-Prot 4.4.4.56 2008.09.27 W32/Worm.XVU
F-Secure 8.0.14332.0 2008.09.27 W32/Hamweq.gen1
Fortinet 3.113.0.0 2008.09.27 -
GData 19 2008.09.27 Backdoor.Hamweq.A
Ikarus T3.1.1.34.0 2008.09.27 Worm.Win32.VB.el
K7AntiVirus 7.10.475 2008.09.26 Trojan.Win32.Inject.zi
Kaspersky 7.0.0.125 2008.09.27 -
McAfee 5393 2008.09.27 W32/IRCbot.gen.c
Microsoft 1.3903 2008.09.27 Worm:Win32/Hamweq.A
NOD32 3475 2008.09.26 Win32/Inject.NAX
Norman 5.80.02 2008.09.26 W32/Hamweq.gen1
Panda 9.0.0.4 2008.09.27 Bck/SDBot.LWE
PCTools 4.4.2.0 2008.09.26 -
Rising 20.63.42.00 2008.09.26 -
SecureWeb-Gateway 6.7.6 2008.09.26 Trojan.Dropper.Gen
Sophos 4.34.0 2008.09.27 Sus/UnkPacker
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.09.27 W32.SillyFDC
TheHacker 6.3.0.9.094 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.26 PAK_Generic.001
VBA32 3.12.8.6 2008.09.27 Backdoor.Win32.Agent.jue
ViRobot 2008.9.26.1394 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.26 Packed/Pepsi

Дополнительная информация
File size: 33280 bytes
MD5...: ced0689850e8c6f544097d5f218a70b9
SHA1..: f62558ac977f6b6f85c1c88bc70954ecd7ae8b7d
SHA256: 1d4ecf36709a15c014338d8e5f8097eb5dd876168317186b8b c79642722cb519
SHA512: 9f402ea77ca9daafa3a937975479c8cd939e05303cf462dbd6 fed443ed0569fa
8e48670e295023e965d041792e2fc557f41cff79ce08e8e603 677657dab18c9e
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x407124
timedatestamp.....: 0x47ec14d6 (Thu Mar 27 21:42:46 200
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.pepsi 0x1000 0x6000 0x1dd5 7.40 4cdd1c7708d69fa7a4bffb638c8474a3
.text 0x7000 0x1000 0x600 5.73 4f18d5ee8ce76e6ef6e9203a51d95079

( 1 imports )
> kernel32.dll: ExitProcess, GetModuleHandleA, GetProcAddress, LoadLibraryA, RtlZeroMemory, VirtualAlloc, VirtualFree, VirtualProtect

( 0 exports )

Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 33280 bytes.

Добавлено через 5 часов 58 минут

Уже ответили:

Здравствуйте,

trzF5F - Worm.Win32.AutoRun.pes

Детектирование файла будет добавлено в следующее обновление.

Пожалуйста, при ответе включайте переписку целиком.

--
С уважением, Евгений Асеев
Вирусный аналитик Лаборатории Касперского.
e-mail: [email protected]
http://www.kaspersky.com/

http://www.kaspersky.ru/virusscanner - Онлайн тестирование самыми свежими KAV-базами.
http://www.kaspersky.com/helpdesk.html - техническая поддержка

> Attachment: trzF5F.bz2

> Здравствуйте!
>
> Отправляю Вам файл для анализа. Заранее спасибо за ответ.

[ananas]

Файл vkontakt.exe получен 2008.09.28 22:05:32 (CET)
Текущий статус: закончено
Результат: 15/36 (41.67%)
Форматированные
Печать результатов Антивирус Версия Обновление Результат
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.28 TR/KillDisk.AN
Authentium 5.1.0.4 2008.09.28 -
Avast 4.8.1195.0 2008.09.27 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.28 Generic11.YZX
BitDefender 7.2 2008.09.28 -
CAT-QuickHeal 9.50 2008.09.27 -
ClamAV 0.93.1 2008.09.28 -
DrWeb 4.44.0.09170 2008.09.28 Trojan.KillMBR.143
eSafe 7.0.17.0 2008.09.28 -
eTrust-Vet 31.6.6110 2008.09.26 -
Ewido 4.0 2008.09.28 -
F-Prot 4.4.4.56 2008.09.27 -
F-Secure8.0.14332.0 2008.09.28 Trojan.Win32.KillDisk.an
Fortinet 3.113.0.0 2008.09.28 -
GData 19 2008.09.28 Win32:Trojan-gen {Other}
Ikarus T3.1.1.34.0 2008.09.28 Trojan-Proxy.Win32.Delf.cc
K7AntiVirus 7.10.476 2008.09.27 Trojan.Win32.KillDisk.an
Kaspersky 7.0.0.125 2008.09.28 Trojan.Win32.KillDisk.an
McAfee 5393 2008.09.27 Generic.dx
Microsoft 1.3903 2008.09.28 -
NOD32 3478 2008.09.28 -
Norman 5.80.02 2008.09.26 -
Panda 9.0.0.4 2008.09.28 -
PCTools 4.4.2.0 2008.09.26 -
Prevx1 V2 2008.09.28 Worm
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway6.7.62008.09.28 Trojan.KillDisk.AN
Sophos 4.34.0 2008.09.28 -
Sunbelt 3.1.1675.1 2008.09.27 Trojan.Win32.KillDisk.an
Symantec 10 2008.09.28 -
TheHacker 6.3.0.9.095 2008.09.27 -
TrendMicro8.700.0.1004 2008.09.26 TROJ_KILLDISK.AM
VBA32 3.12.8.6 2008.09.27 Trojan.KillMBR.143
ViRobot 2008.9.26.1394 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.28 -
Дополнительная информация
File size: 44032 bytes
MD5...: 6147920244c67a3c3f2d92af8f396d95

[insane]

File Name : Юле 35.exe
File Size : 87126 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c67e887a58bfc0c0a3f8b4ef518a514b
SHA1 : be93aa06e900876340a808dc8d7a16458fa62ed6


a-squared 4.0.0.14 2008.09.28 2008-09-28 - 1.562
AhnLab V3 2008.09.29.01 2008.09.29 2008-09-29 - 0.956
AntiVir 7.8.1.34 7.0.6.222 2008-09-29 Worm/Delf.BL.1 2.296
Arcavir 1.0.5 200809281307 2008-09-28 - 1.217
Authentium 5.1.1 200809241708 2008-09-24 W32/Heuristic-131!Eldorado (Heuristic) 1.095
AVAST! 3.0.1 080929-0 2008-09-29 Win32elf-FXF 0.014
AVG 7.5.52.442 270.7.5/1696 2008-09-28 Worm/Delf.BWM 1.650
BitDefender 7.60825.1821573 7.21098 2008-09-29 Win32.Worm.Delf.BL 3.098
CA (VET) 9.0.0.143 31.6.6116 2008-09-29 - 4.984
ClamAV 0.94 8352 2008-09-29 - 0.030
Comodo 2.11 2.0.0.661 2008-09-29 - 3.378
CP Secure 1.1.0.715 2008.09.29 2008-09-29 W32.Delf.bq 5.926
Dr.Web 4.44.0.9170 2008.09.29 2008-09-29 Win32.HLLW.Frendly 3.233
ewido 4.0.0.2 2008.09.28 2008-09-28 - 3.867
F-Prot 4.4.4.56 20080928 2008-09-28 Possible W32/Heuristic-131!Eldorado (not disinfectable) 1.070
F-Secure 5.51.6100 2008.09.29.03 2008-09-29 Virus.Win32.Delf.bq [AVP] 0.040
Fortinet 2.81-3.113 9.600 2008-09-29 W32/Delf.BQ 0.146
Ikarus T3.1.01.34 2008.09.29.71548 2008-09-29 Virus.Win32.Delf.bq 3.355
JiangMin 11.0.706 2008.09.29 2008-09-29 Virus.Delf.al 3.346
Kaspersky 5.5.10 2008.09.29 2008-09-29 Virus.Win32.Delf.bq 0.030
KingSoft 2008.9.8.18 2008.9.29.14 2008-09-29 - 1.206
McAfee 5.3.00 5393 2008-09-26 Generic.dx 1.979
Microsoft 1.3903 2008.09.29 2008-09-29 - 4.099
mks_vir 2.01 2008.09.29 2008-09-29 Worm.Win32.Delf.ysk 2.685
Norman 5.93.01 5.93.00 2008-09-18 W32/Malware.SMM 5.663
nProtect 2008-09-29.00 2184043 2008-09-29 Win32.Worm.Delf.BL 7.645
Panda 9.05.01 2008.09.27 2008-09-27 - 0.962
Quick Heal 9.50 2008.09.29 2008-09-29 - 2.437
Rising 20.0 20.63.62.00 2008-09-28 Worm.Win32.Delf.ysk 1.008
Sophos 2.79.0 4.34 2008-09-29 Mal/Behav-043 1.729
Sunbelt 3.1.1675.1 2261 2008-09-26 - 0.521
Symantec 1.3.0.24 20080928.003 2008-09-28 W32.Folmess 0.075
The Hacker 6.3.0.9 v00096 2008-09-28 - 0.434
Trend Micro 8.700-1004 5.570.07 2008-09-29 WORM_DELF.IPT 0.021
VBA32 3.12.8.6 20080928.0844 2008-09-28 Virus.Win32.Delf.bq 1.204
ViRobot 20080926 2008.09.26 2008-09-26 - 0.427
VirusBuster 4.5.11.10 10.89.1/635920 2008-09-28 - 0.948

[ISO]

File 16.tmp received on 09.30.2008 10:22:28 (CET)
Current status: finished
Result: 12/36 (33.34%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.25.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 -
Authentium 5.1.0.4 2008.09.29 W32/Heuristic-MU2!Eldorado
Avast 4.8.1195.0 2008.09.29 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.29 -
BitDefender 7.2 2008.09.30 Trojan.Generic.543401
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.09.30 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.29 Suspicious File
eTrust-Vet 31.6.6117 2008.09.30 -
Ewido 4.0 2008.09.29 -
F-Prot 4.4.4.56 2008.09.29 W32/Heuristic-MU2!Eldorado
F-Secure 8.0.14332.0 2008.09.30 -
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.09.30 Trojan.Generic.543401
Ikarus T3.1.1.34.0 2008.09.30 -
K7AntiVirus 7.10.476 2008.09.27 -
Kaspersky 7.0.0.125 2008.09.30 -
McAfee 5394 2008.09.30 -
Microsoft 1.4005 2008.09.30 TrojanSpy:Win32/Festeal.B
NOD32 3481 2008.09.29 -
Norman 5.80.02 2008.09.29 W32/Smalltroj.dam
Panda 9.0.0.4 2008.09.29 Trj/Agent.GJD
PCTools 4.4.2.0 2008.09.29 -
Prevx1 V2 2008.09.30 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.30 Win32.Malware.dam (suspicious)
Sophos 4.34.0 2008.09.30 -
Sunbelt 3.1.1675.1 2008.09.27 VIPRE.Suspicious
Symantec 10 2008.09.30 Trojan.Dropper
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.29 -
ViRobot 2008.9.30.1397 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.29 -
Additional information
File size: 40558 bytes
MD5...: 3c44a438a3069f4ca0c280f451cd12d2
SHA1..: f59160f0a13d52475e33d14ab2c4a835ce82e812
SHA256: 4a9801124df640c34c557f7999c37dd6712a86fbfb810c57c3 ad163184e03eca
SHA512: f2727ccdedf22dc754dbe3b14c49c01ec3870cff2fa4224513 b852f3b8013bf6
2f4dc9f3b404ecf62c5e7c7ae8ae877400891c2e91ea6e2479 d051919f5f38a4
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4123b0
timedatestamp.....: 0x46d6ff0d (Thu Aug 30 17:31:57 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0xd000 0xc600 7.75 23a05301a652409e56a553985f813a75
.rsrc 0x13000 0x1000 0xa00 0.00 d41d8cd98f00b204e9800998ecf8427e

( 0 imports )

( 0 exports )
packers (Kaspersky): PE_Patch

[Granin]

Файл qtslmoyc.dat получен 2008.10.01 02:06:05 (CET)
Результат: 27/35 (77.15%)

AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 TR/Rootkit.Gen
Authentium 5.1.0.4 2008.09.30 W32/Trojan2.INC
Avast 4.8.1195.0 2008.09.30 Win32:Agent-NGL
AVG 8.0.0.161 2008.09.30 Agent.2.AF
BitDefender 7.2 2008.10.01 Trojan.Spy.Agent.NJP
CAT-QuickHeal 9.50 2008.09.30 Trojan.Agent.cid
ClamAV 0.93.1 2008.10.01 Trojan.Rootkit-349
DrWeb 4.44.0.09170 2008.09.30 Trojan.Sentinel
eSafe 7.0.17.0 2008.09.30 -
eTrust-Vet 31.6.6119 2008.09.30 Win32/Kvol.C
Ewido 4.0 2008.09.30 Trojan.Agent.cid
F-Prot 4.4.4.56 2008.09.30 W32/Trojan2.INC
F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Agent.cid
Fortinet 3.113.0.0 2008.09.30 W32/Boaxxe.C!tr
GData 19 2008.10.01 Trojan.Spy.Agent.NJP
Ikarus T3.1.1.34.0 2008.10.01 Trojan.Win32.Agent.cid
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Agent.cid
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Agent.cid
McAfee 5394 2008.09.30 BackDoor-CVM!sys
Microsoft 1.4005 2008.10.01 VirTool:WinNT/Boaxxe.C
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 Rootkit.Agent.WWD
Prevx1 V2 2008.10.01 Rootkit
Rising 20.63.62.00 2008.09.28 Trojan.Win32.Agent.cid
SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Rootkit.Gen
Sophos 4.34.0 2008.10.01 Troj/Boaxxe-C
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 TROJ_AGENT.AEUA
VBA32 3.12.8.6 2008.09.30 -
ViRobot 2008.9.30.1398 2008.09.30 Trojan.Win32.Agent.5120.F
VirusBuster 4.5.11.0 2008.09.30 Rootkit.Agent.WWD

Дополнительная информация
File size: 5120 bytes
MD5...: 04d090ebbf5e9e8de2f281b085d8578b


Файл boot.com получен 2008.10.01 03:27:55 (CET)
Результат: 14/36 (38.89%)

AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 TR/Autorun.BE
Authentium 5.1.0.4 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 Win32:KdCrypt
AVG 8.0.0.161 2008.09.30 Worm/Generic_r.AO
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.30 -
eTrust-Vet 31.6.6119 2008.09.30 Win32/Vipordno.B
Ewido 4.0 2008.09.30 -
F-Prot 4.4.4.56 2008.09.30 W32/Virtumonde.T.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Inject.hzf
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.10.01 Win32:KdCrypt
Ikarus T3.1.1.34.0 2008.10.01 -
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Inject.hzf
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Inject.hzf
McAfee 5395 2008.10.01 -
Microsoft 1.4005 2008.10.01 TrojanDropper:Win32/Cutwail.AN
NOD32 3484 2008.09.30 -
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.10.01 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Autorun.BE
Sophos 4.34.0 2008.10.01 Sus/Behav-282
Sunbelt 3.1.1675.1 2008.09.27 Trojan.Win32.Inject.hzf
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.30 Trojan.Win32.Inject.hzf
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -

Дополнительная информация
File size: 28160 bytes
MD5...: cbf8d2a710c257ed5fa9eef30ef1ad08


Файл kdndg.exe получен 2008.10.01 03:37:29 (CET)
Результат: 14/36 (38.89%)

AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 -
Authentium 5.1.0.4 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 Win32:KdCrypt
AVG 8.0.0.161 2008.09.30 Worm/Generic_r.AO
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.30 -
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 4.4.4.56 2008.09.30 W32/Virtumonde.T.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.01 Suspicious:W32/Malware!Gemini
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.10.01 Win32:KdCrypt
Ikarus T3.1.1.34.0 2008.10.01 Virus.Win32.Gipor
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.10.01 -
McAfee 5395 2008.10.01 DNSChanger.gen
Microsoft 1.4005 2008.10.01 Trojan:Win32/Alureon.gen
NOD32 3484 2008.09.30 a variant of Win32/Adware.Virtumonde.NBS
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.10.01 -
Rising 20.63.62.00 2008.09.28 Trojan.Win32.DNSChanger.drb
SecureWeb-Gateway 6.7.6 2008.10.01 Virus.Win32.FileInfector.gen!92 (suspicious)
Sophos 4.34.0 2008.10.01 Sus/Behav-282
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.30 suspected of Trojan-Downloader.Agent.31
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -

Дополнительная информация
File size: 52736 bytes
MD5...: fae8e8003afc655097ca954544d7edc9

про kdndg.exe антивирусы написали разное, а так, вполне приличный руткит


Файл wpx4.cpx получен 2008.10.01 04:06:55 (CET)
Результат: 17/36 (47.23%)

AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 TR/Drop.Tupai.A.1
Authentium 5.1.0.4 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.30 Downloader.FraudLoad.W
BitDefender 7.2 2008.10.01 Trojan.Dropper.Tupai.A
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.09.30 -
eSafe 7.0.17.0 2008.09.30 Suspicious File
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.01 Trojan.Win32.Agent.aeqt
Fortinet 3.113.0.0 2008.09.30 PossibleThreat
GData 19 2008.10.01 Trojan.Dropper.Tupai.A
Ikarus T3.1.1.34.0 2008.10.01 Trojan-Dropper.Win32.Prefsap
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.10.01 Trojan.Win32.Agent.aeqt
McAfee 5395 2008.10.01 Generic Dropper
Microsoft 1.4005 2008.10.01 TrojanDropper:Win32/Prefsap.gen
NOD32 3484 2008.09.30 -
Norman 5.80.02 2008.09.30 W32/Agent.IPSX
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.10.01 Worm
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Drop.Tupai.A.1
Sophos 4.34.0 2008.10.01 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.30 Trojan.Win32.Agent.aepq
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -

Дополнительная информация
File size: 37376 bytes
MD5...: 864297ef119d0a3d9f55d69263daf6b7

Файл _.exe получен 2008.10.01 04:14:22 (CET)
Результат: 10/36 (27.78%)

AhnLab-V3 2008.10.1.0 2008.09.30 -
AntiVir 7.8.1.34 2008.09.30 DR/Delphi.Gen
Authentium 5.1.0.4 2008.09.30 -
Avast 4.8.1195.0 2008.09.30 -
AVG 8.0.0.161 2008.09.30 Win32/Heur
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.09.30 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.09.30 Trojan.MulDrop.17277
eSafe 7.0.17.0 2008.09.30 -
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.09.30 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.01 -
Fortinet 3.113.0.0 2008.09.30 -
GData 19 2008.10.01 -
Ikarus T3.1.1.34.0 2008.10.01 Downloader.Delphi
K7AntiVirus 7.10.478 2008.09.30 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.10.01 -
McAfee 5395 2008.10.01 -
Microsoft 1.4005 2008.10.01 VirTool:Win32/DelfInject.gen!AM
NOD32 3484 2008.09.30 a variant of Win32/Injector.DC
Norman 5.80.02 2008.09.30 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.09.30 -
Prevx1 V2 2008.10.01 Malicious Software
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.01 Trojan.Dropper.Delphi.Gen
Sophos 4.34.0 2008.10.01 Troj/Merein-Gen
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.30 -
VBA32 3.12.8.6 2008.09.30 -
ViRobot 2008.9.30.1398 2008.09.30 -
VirusBuster 4.5.11.0 2008.09.30 -

Дополнительная информация
File size: 27136 bytes
MD5...: f5ec6ef43b18526557f64d3e1ef64b0c

[Shu_b]

14 исследований суммировать нет смысла, за прошедший месяц результатов не будет.

[senyak]

Файл Install.exe получен 2008.10.02 18:36:31 (CET)
Текущий статус: закончено
Результат: 25/36 (69.45%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.3.0 2008.10.02 -
AntiVir 7.8.1.34 2008.10.02 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.10.02 W32/Ristix.A
Avast 4.8.1248.0 2008.10.02 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.02 Win32/Heur
BitDefender 7.2 2008.10.02 Trojan.Generic.743676
CAT-QuickHeal 9.50 2008.10.01 TrojanPSW.LdPinch.aawg
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.02 -
eSafe 7.0.17.0 2008.10.02 Win32.LdPinch.aawg
eTrust-Vet 31.6.6121 2008.10.02 -
Ewido 4.0 2008.10.02 -
F-Prot 4.4.4.56 2008.10.02 W32/Zbot.I.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.02 Trojan-PSW.Win32.LdPinch.aawg
Fortinet 3.113.0.0 2008.10.02 W32/LdPinch.AAWG!tr.pws
GData 19 2008.10.02 Trojan.Generic.743676
Ikarus T3.1.1.34.0 2008.10.02 Trojan-PWS.Win32.LdPinch.aawg
K7AntiVirus 7.10.481 2008.10.02 Trojan-PSW.Win32.LdPinch.aawg
Kaspersky 7.0.0.125 2008.10.02 Trojan-PSW.Win32.LdPinch.aawg
McAfee 5396 2008.10.02 DNSChanger.gen
Microsoft 1.4005 2008.10.02 Trojan:Win32/Alureon.gen!H
NOD32 3490 2008.10.02 -
Norman 5.80.02 2008.10.02 -
Panda 9.0.0.4 2008.10.02 Trj/Ldpinch.WE
PCTools 4.4.2.0 2008.10.02 -
Prevx1 V2 2008.10.02 Suspicious
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.02 Trojan.Crypt.XPACK.Gen
Sophos 4.34.0 2008.10.02 Mal/Generic-A
Sunbelt 3.1.1668.1 2008.09.24 VIPRE.Suspicious
Symantec 10 2008.10.02 -
TheHacker 6.3.0.9.098 2008.10.01 Trojan/PSW.LdPinch.aawg
TrendMicro 8.700.0.1004 2008.10.02 Cryp_Xed-3
VBA32 3.12.8.6 2008.10.02 Malware-Cryptor.Win32.General.2
ViRobot 2008.10.2.1403 2008.10.02 Trojan.Win32.PSWLdPinch.55808.E
VirusBuster 4.5.11.0 2008.10.02 -

Дополнительная информация
File size: 55808 bytes
MD5...: 0ce61a9ed2c52a60ef7b349ca459f1eb
SHA1..: 5a27d502dceb493e12272d5978cc7195a929fa6c
SHA256: 45bdd402dd865fb40a541d3a4d82189bc2a28cdc3577f4cecb 2aedb90b3719c4
SHA512: e3476457e0610663e5b87f1c3beca702f13681e004cc8c5cb6 c59319416a639f
298f08d564d776997677fb1cef833ab98390cb49283f063190 36f516dabe5159
PEiD..: -

[anton_dr]

File _.exe received on 10.04.2008 22:22:41 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 8/36 (22.23%)

Antivirus Version Last Update Result
AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.04 SHeur.CCJK
BitDefender 7.2 2008.10.04 -
CAT-QuickHeal 9.50 2008.10.04 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.10.04 -
DrWeb 4.44.0.09170 2008.10.04 -
eSafe 7.0.17.0 2008.10.02 Suspicious File
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.04 -
F-Prot 4.4.4.56 2008.10.04 -
F-Secure 8.0.14332.0 2008.10.04 Suspicious:W32/Malware!Gemini
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.04 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.04 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.04 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.04 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.04 Trojan.Crypt.XPACK.Gen
Sophos 4.34.0 2008.10.04 Sus/UnkPacker
Sunbelt 3.1.1675.1 2008.09.27 VIPRE.Suspicious
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.04 -
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -
Additional information
File size: 44544 bytes
MD5...: 4a4c1a0c00a31ead2a3db3d889ef4518
SHA1..: 7dcd352fd267550d1f0ee9c389798401eb0d812a
SHA256: 55123e03c4b15b623d0defbd559269559dcbe3349c6ef1bb60 458ba71197e1fe
SHA512: 8a09197ab5a774fe0a41875575c5a6b1a84727d38c3d29bb47 0a8f5ae8c06832
91fa23709e1614473046d1e7a40105dfd6bdeb010ecf191f14 93712a30d22ee0
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x41a5a7
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xeb80 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0x10000 0xa9e9 0xaa00 7.98 d9c8eeeaf2c6e429932ec4a18d2150b8

( 0 imports )

( 0 exports )

[rayoflight]

Файл setup.exe получен 2008.10.05 00:21:18 (CET)

AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.04 DR/Zlob.Gen
Authentium 5.1.0.4 2008.10.04 -
Avast 4.8.1248.0 2008.10.04 -
AVG 8.0.0.161 2008.10.04 -
BitDefender 7.2 2008.10.04 -
CAT-QuickHeal 9.50 2008.10.04 -
ClamAV 0.93.1 2008.10.04 Trojan.Dropper-2529
DrWeb 4.44.0.09170 2008.10.04 -
eSafe 7.0.17.0 2008.10.02 -
eTrust-Vet 31.6.6129 2008.10.04 -
Ewido 4.0 2008.10.04 -
F-Prot 4.4.4.56 2008.10.04 -
F-Secure 8.0.14332.0 2008.10.04 -
Fortinet 3.113.0.0 2008.10.04 -
GData 19 2008.10.04 -
Ikarus T3.1.1.34.0 2008.10.04 -
K7AntiVirus 7.10.484 2008.10.04 -
Kaspersky 7.0.0.125 2008.10.05 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.05 -
NOD32 3495 2008.10.04 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.04 -
PCTools 4.4.2.0 2008.10.04 -
Prevx1 V2 2008.10.05 -
Rising 20.63.62.00 2008.09.28 Trojan.DL.Zlob.GEN
SecureWeb-Gateway 6.7.6 2008.10.04 Trojan.Dropper.Zlob.Gen
Sophos 4.34.0 2008.10.04 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.10.04 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.03 Mal_Zlob-2
VBA32 3.12.8.6 2008.10.04 suspected of Downloader.Zlob.3 (paranoid heuristics)
ViRobot 2008.10.4.1406 2008.10.04 -
VirusBuster 4.5.11.0 2008.10.04 -

Дополнительная информация
File size: 72557 bytes
MD5...: 363412d819aee9673213a7a925c8e67a
SHA1..: e77aebd6ea138aceb76fd761de909720c5ddc98c
SHA256: f4621ee1345dca1a1d5cfd2a744ded65973b48740da8497f1e e608102d1e9369
SHA512: 74151ae15f5d03938361a265291695db716d10666861082a5b 0f4c79b0937f66
cde1d89c39329cb1e5a4727f9e2749ce648fe7e43e51278322 2956fb6f1cfe18
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x48a737e7 (Sat Aug 16 20:26:15 200
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5976 0x5a00 6.47 335c19bb25cd1d02eec2b0a4eacb979c
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.69 59710519e577598f785044e4d95261f4
.ndata 0x24000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2e000 0xd00 0xe00 3.83 a1a46b4c7c35c54b3e16f1321d622e01

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

packers (Kaspersky): UPX

[senyak]

Файл avz00003.dta получен 2008.10.06 2037 (CET)
Текущий статус: закончено
Результат: 6/36 (16.67%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 TR/Dropper.Gen
Authentium 5.1.0.4 2008.10.06 -
Avast 4.8.1248.0 2008.10.05 Win32bot-APR
AVG 8.0.0.161 2008.10.06 -
BitDefender 7.2 2008.10.06 -
CAT-QuickHeal 9.50 2008.10.06 -
ClamAV 0.93.1 2008.10.06 -
DrWeb 4.44.0.09170 2008.10.06 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.06 Trojan-Spy.Win32.Zbot.ffz
Fortinet 3.113.0.0 2008.10.06 -
GData 19 2008.10.06 Win32bot-APR
Ikarus T3.1.1.34.0 2008.10.06 -
K7AntiVirus 7.10.486 2008.10.06 -
Kaspersky 7.0.0.125 2008.10.06 Trojan-Spy.Win32.Zbot.ffz
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.06 -
NOD32 3497 2008.10.06 -
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
PCTools 4.4.2.0 2008.10.06 -
Prevx1 V2 2008.10.06 -
Rising 20.65.02.00 2008.10.06 -
SecureWeb-Gateway 6.7.6 2008.10.06 Trojan.Dropper.Gen
Sophos 4.34.0 2008.10.06 -
Sunbelt 3.1.1704.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.06 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
VirusBuster 4.5.11.0 2008.10.06 -

Дополнительная информация
File size: 118784 bytes
MD5...: 62a4f04a1d6b90e645734208e49581aa
SHA1..: a587c79df47ba07dbb42ee9072ab54c3fcc565de
SHA256: 6f9f1f73421f7c15a62012d699661a5951788c8b9a9c74bd00 fa2f5b706f4122
SHA512: eb940ee943426abce0e77914abceb6879c7ba76bb485e320ff e5544099baa440
3c2aefeeb4413480f0eaed408a97d1f5e100280fdb01ab88d4 09fb9c47677d86
PEiD..: -



Файл avz00001.dta получен 2008.10.06 20:29:25 (CET)
Текущий статус: закончено
Результат: 2/36 (5.56%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 -
Authentium 5.1.0.4 2008.10.06 -
Avast 4.8.1248.0 2008.10.05 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.06 -
BitDefender 7.2 2008.10.06 -
CAT-QuickHeal 9.50 2008.10.06 -
ClamAV 0.93.1 2008.10.06 -
DrWeb 4.44.0.09170 2008.10.06 -
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.06 -
Fortinet 3.113.0.0 2008.10.06 -
GData 19 2008.10.06 -
Ikarus T3.1.1.34.0 2008.10.06 -
K7AntiVirus 7.10.486 2008.10.06 -
Kaspersky 7.0.0.125 2008.10.06 -
McAfee 5398 2008.10.04 -
Microsoft 1.4005 2008.10.06 -
NOD32 3497 2008.10.06 -
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
PCTools 4.4.2.0 2008.10.06 -
Prevx1 V2 2008.10.06 -
Rising 20.65.02.00 2008.10.06 -
SecureWeb-Gateway 6.7.6 2008.10.06 Trojan.Dropper.Gen
Sophos 4.34.0 2008.10.06 -
Sunbelt 3.1.1704.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.06 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
VirusBuster 4.5.11.0 2008.10.06 -

Дополнительная информация
File size: 10442752 bytes
MD5...: 3eccb91f73aff9af873e4462d457c8b1
SHA1..: 39a48cdc83c556daa506f161d377ad0610419dae
SHA256: 608964e0b100bc8294c4e86c6d5e1c59dc02ea642339960b7c 13bde3654b6a15
SHA512: c73b903a61b765fbb491dee963e23955ffbe35c3ba370dbc41 43c8c4fda990d1
e8b9bb3bbd6f97cd3cd466673c15e1d4795fca7e8c23c49856 e854e544d2618f
PEiD..: -




Файл avz00004.dta получен 2008.10.06 20:33:10 (CET)
Текущий статус: закончено
Результат: 11/36 (30.56%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 -
Authentium 5.1.0.4 2008.10.06 -
Avast 4.8.1248.0 2008.10.05 -
AVG 8.0.0.161 2008.10.06 Generic11.ARUR
BitDefender 7.2 2008.10.06 -
CAT-QuickHeal 9.50 2008.10.06 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.10.06 -
DrWeb 4.44.0.09170 2008.10.06 -
eSafe 7.0.17.0 2008.10.05 Suspicious File
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.05 -
F-Secure 8.0.14332.0 2008.10.06 -
Fortinet 3.113.0.0 2008.10.06 -
GData 19 2008.10.06 -
Ikarus T3.1.1.34.0 2008.10.06 -
K7AntiVirus 7.10.486 2008.10.06 -
Kaspersky 7.0.0.125 2008.10.06 Trojan-Downloader.Win32.Small.aepy
McAfee 5398 2008.10.04 FakeAlert-AG.gen.a
Microsoft 1.4005 2008.10.06 TrojanDownloader:Win32/Renos.gen!AU
NOD32 3497 2008.10.06 a variant of Win32/Adware.XPAntivirus.AA
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
PCTools 4.4.2.0 2008.10.06 -
Prevx1 V2 2008.10.06 Cloaked Malware
Rising 20.65.02.00 2008.10.06 -
SecureWeb-Gateway 6.7.6 2008.10.06 Trojan.Crypt.LooksLike.CFI
Sophos 4.34.0 2008.10.06 Mal/EncPk-CZ
Sunbelt 3.1.1704.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.101 2008.10.04 -
TrendMicro 8.700.0.1004 2008.10.06 -
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
VirusBuster 4.5.11.0 2008.10.06 Trojan.FakeAlert.Gen!Pac.2

Дополнительная информация
File size: 184832 bytes
MD5...: f1538453fe8999f364a179a5cc850989
SHA1..: 63981bfd85f91cca0cd42c7abc9315566c62c530
SHA256: b749b03567f37fa03fa4a0301b72c4e5a0f81d14c0f0099a33 8d3e4d7c6667c2
SHA512: e1b1c798824fce58b151ac4026c52509302eb0cd11cfee0f10 77f59a2505355d
e5f00773b10de4fed5fdae63cc4edfc7801b3405ebe7d7099e 7ffc1ef281935f
PEiD..: -

Добавлено через 3 часа 16 минут

Файл MESSAGES.TBB получен 2008.10.06 23:46:15 (CET)
Текущий статус: закончено
Результат: 10/36 (27.78%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.3.2 2008.10.06 -
AntiVir 7.8.1.34 2008.10.06 -
Authentium 5.1.0.4 2008.10.06 -
Avast 4.8.1248.0 2008.10.06 -
AVG 8.0.0.161 2008.10.06 -
BitDefender 7.2 2008.10.06 -
CAT-QuickHeal 9.50 2008.10.06 -
ClamAV 0.93.1 2008.10.06 -
DrWeb 4.44.0.09170 2008.10.06 VBS.PackFor
eSafe 7.0.17.0 2008.10.05 -
eTrust-Vet 31.6.6131 2008.10.06 -
Ewido 4.0 2008.10.06 -
F-Prot 4.4.4.56 2008.10.06 -
F-Secure 8.0.14332.0 2008.10.06 Trojan.Win32.Pakes.ktl
Fortinet 3.113.0.0 2008.10.06 -
GData 19 2008.10.06 Trojan.Downloader.JS.Laugma.AB
Ikarus T3.1.1.34.0 2008.10.06 Trojan-Clicker.HTML.IFrame.lc
K7AntiVirus 7.10.486 2008.10.06 -
Kaspersky 7.0.0.125 2008.10.06 Trojan.Win32.Pakes.ktl
McAfee 5398 2008.10.04 JS/Downloader-AUD
Microsoft 1.4005 2008.10.06 TrojanDownloader:JS/Psyme.gen
NOD32 3497 2008.10.06 -
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.06 -
PCTools 4.4.2.0 2008.10.06 JS.Agent.B
Prevx1 V2 2008.10.06 -
Rising 20.65.02.00 2008.10.06 -
SecureWeb-Gateway 6.7.6 2008.10.06 -
Sophos 4.34.0 2008.10.06 Mal/ObfJS-AB
Sunbelt 3.1.1706.1 2008.10.06 -
Symantec 10 2008.10.06 -
TheHacker 6.3.1.0.102 2008.10.06 -
TrendMicro 8.700.0.1004 2008.10.06 Mal_Hifrm-2
VBA32 3.12.8.6 2008.10.05 -
ViRobot 2008.10.6.1408 2008.10.06 -
VirusBuster 4.5.11.0 2008.10.06 -

Дополнительная информация
File size: 74919 bytes
MD5...: 9b5543b27dfc504c219f9c8d6daa394b
SHA1..: 7429df79d3225a36cc725ae6b5bf1a0ac19893d4
SHA256: 6ddb6eb4db76cbcd14bfbd9a9f014ab6e6663a643433f4d7df d2b0ed78e6fbd0
SHA512: e1421452f5a3801cb7ddbdded48967474eae9c10d687dec99f 6eaedc6a22cda0
31fd23d7902891ab635bf2ea93a72a81c79f20e766310f9af7 e36635d19e1e1c
PEiD..: -
TrID..: File type identification
The Bat! Message Base (99.8%)
HSC music composer song (0.1%)
Lumena CEL bitmap (0.0%)
Corel Photo Paint (0.0%)
VXD Driver (0.0%)
PEInfo: -

[ZhIV]

Файл opr04WJI.htm получен 2008.10.07 07:38:34 (CET)

Код:

AhnLab-V3	2008.10.3.2	2008.10.06	-
AntiVir	7.8.1.34	2008.10.06	-
Authentium	5.1.0.4	2008.10.07	-
Avast	4.8.1248.0	2008.10.06	-
AVG	8.0.0.161	2008.10.06	Exploit
BitDefender	7.2	2008.10.07	-
CAT-QuickHeal	9.50	2008.10.07	-
ClamAV	0.93.1	2008.10.07	-
DrWeb	4.44.0.09170	2008.10.06	VBS.PackFor
eSafe	7.0.17.0	2008.10.07	-
eTrust-Vet	31.6.6132	2008.10.06	-
Ewido	4.0	2008.10.06	-
F-Prot	4.4.4.56	2008.10.06	-
F-Secure	8.0.14332.0	2008.10.07	-
Fortinet	3.113.0.0	2008.10.07	-
GData	19	2008.10.07	-
Ikarus	T3.1.1.34.0	2008.10.07	-
K7AntiVirus	7.10.486	2008.10.06	-
Kaspersky	7.0.0.125	2008.10.06	-
McAfee	5398	2008.10.04	-
Microsoft	1.4005	2008.10.07	-
NOD32	3498	2008.10.07	-
Norman	5.80.02	2008.10.06	-
Panda	9.0.0.4	2008.10.07	-
PCTools	4.4.2.0	2008.10.06	-
Prevx1	V2	2008.10.07	-
Rising	20.65.02.00	2008.10.06	-
SecureWeb-Gateway	6.7.6	2008.10.06	-
Sophos	4.34.0	2008.10.07	Mal/ObfJS-AJ
Sunbelt	3.1.1707.1	2008.10.07	-
Symantec	10	2008.10.07	-
TheHacker	6.3.1.0.102	2008.10.07	-
TrendMicro	8.700.0.1004	2008.10.07	-
VBA32	3.12.8.6	2008.10.07	-
ViRobot	2008.10.7.1409	2008.10.07	-
VirusBuster	4.5.11.0	2008.10.06	-

Дополнительная информация
File size: 40729 bytes
MD5...: 7842dd0880feb829572c2ef34fa63398
SHA1..: 7f66da7a637d952d2e8fa8a0c6355b4c1f419258
SHA256: 12041e906e9e2b8f97a5479e046e79341823b5491284025b8a c4788c8accc812
SHA512: fbf67548b63cde7a4a97bdfc0c1e4a45085877c8ef0af9d682 0bf73e5b5198af<BR>c39224255a289c83cf880d69a155efea da1e05e6c6edd085542ff3e5a57652b7
PEiD..: -

[senyak]

Файл uzrlib.dll получен 2008.10.07 18:52:03 (CET)
Текущий статус: закончено
Результат: 13/36 (36.12%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.3.2 2008.10.07 -
AntiVir 7.8.1.34 2008.10.07 TR/BHO.Agent.mwe
Authentium 5.1.0.4 2008.10.07 -
Avast 4.8.1248.0 2008.10.07 Win32:Hexzone-C
AVG 8.0.0.161 2008.10.07 Adload_r.CG
BitDefender 7.2 2008.10.07 -
CAT-QuickHeal 9.50 2008.10.07 -
ClamAV 0.93.1 2008.10.07 -
DrWeb 4.44.0.09170 2008.10.07 Trojan.Blackmailer.origin
eSafe 7.0.17.0 2008.10.07 -
eTrust-Vet 31.6.6133 2008.10.07 -
Ewido 4.0 2008.10.07 -
F-Prot 4.4.4.56 2008.10.06 W32/AdClicker.E.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.07 Trojan-Ransom.Win32.Hexzone.om
Fortinet 3.113.0.0 2008.10.07 -
GData 19 2008.10.07 Win32:Hexzone-C
Ikarus T3.1.1.34.0 2008.10.07 Trojan.BHO.Agent.mwe
K7AntiVirus 7.10.487 2008.10.07 -
Kaspersky 7.0.0.125 2008.10.07 Trojan-Ransom.Win32.Hexzone.om
McAfee 5399 2008.10.07 -
Microsoft 1.4005 2008.10.07 -
NOD32 3501 2008.10.07 a variant of Win32/BHO.NHU
Norman 5.80.02 2008.10.06 -
Panda 9.0.0.4 2008.10.07 -
PCTools 4.4.2.0 2008.10.07 -
Prevx1 V2 2008.10.07 Adware
Rising 20.65.12.00 2008.10.07 -
SecureWeb-Gateway 6.7.6 2008.10.07 Trojan.BHO.Agent.mwe
Sophos 4.34.0 2008.10.07 -
Sunbelt 3.1.1708.1 2008.10.07 Trojan.Clicker.BHO.AV
Symantec 10 2008.10.07 -
TheHacker 6.3.1.0.102 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.07 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.7.1410 2008.10.07 -
VirusBuster 4.5.11.0 2008.10.07 -

Дополнительная информация
File size: 359424 bytes
MD5...: e2f9d130e95e9a7ce358a4dd5a711ef6
SHA1..: e70a0e2c0a3573cd8e1238bdab1a0dd816ab0463
SHA256: 7050863d1dff1594135adb201b0d4e47827ba2fd7879915e89 be5f8f8ebc2336
SHA512: 32c808ac60a0e6159a7659c72b7ef5b1018261bdbc06d482ac e3ffd7220e6ea7
8e19101d143ef0686c8ee7d78339ceb40943ef2bac00959fb8 d4cc75a4178df7
PEiD..: -

[zorro84]

Код:

AhnLab-V3 	2008.10.3.2 	2008.10.07 	-
AntiVir 	7.8.1.34 	2008.10.07 	TR/Crypt.CFI.Gen
Authentium 	5.1.0.4 	2008.10.07 	-
Avast 	4.8.1248.0 	2008.10.07 	Win32:Trojan-gen {Other}
AVG 	8.0.0.161 	2008.10.07 	Worm/Autoit.DBD
BitDefender 	7.2 	2008.10.07 	Win32.Worm.Sohanad.NCC
CAT-QuickHeal 	9.50 	2008.10.07 	Trojan.Autoit.dt
ClamAV 	0.93.1 	2008.10.07 	-
DrWeb 	4.44.0.09170 	2008.10.07 	-
eSafe 	7.0.17.0 	2008.10.07 	Win32.Autoit.dt
eTrust-Vet 	31.6.6133 	2008.10.07 	Win32/SillyAutorun.QU
Ewido 	4.0 	2008.10.07 	-
F-Prot 	4.4.4.56 	2008.10.06 	-
F-Secure 	8.0.14332.0 	2008.10.07 	Trojan.Win32.Autoit.dt
Fortinet 	3.113.0.0 	2008.10.07 	W32/Autoit.DT!tr
GData 	19 	2008.10.07 	Win32.Worm.Sohanad.NCC
Ikarus 	T3.1.1.34.0 	2008.10.07 	Trojan.Win32.Autoit.dt
K7AntiVirus 	7.10.487 	2008.10.07 	Worm.Win32.AutoIt.cg
Kaspersky 	7.0.0.125 	2008.10.07 	Trojan.Win32.Autoit.dt
McAfee 	5399 	2008.10.07 	W32/YahLover.worm
Microsoft 	1.4005 	2008.10.07 	Trojan:Win32/Meredrop
NOD32 	3501 	2008.10.07 	Win32/Packed.Autoit.Gen
Norman 	5.80.02 	2008.10.06 	AutoRun.FYV
Panda 	9.0.0.4 	2008.10.07 	W32/Sohanat.AS.worm
PCTools 	4.4.2.0 	2008.10.07 	-
Prevx1 	V2 	2008.10.07 	Cloaked Malware
Rising 	20.65.12.00 	2008.10.07 	-
SecureWeb-Gateway 	6.7.6 	2008.10.07 	Trojan.Crypt.CFI.Gen
Sophos 	4.34.0 	2008.10.07 	Mal/Generic-A
Sunbelt 	3.1.1708.1 	2008.10.07 	-
Symantec 	10 	2008.10.07 	W32.SillyFDC
TheHacker 	6.3.1.0.102 	2008.10.07 	Trojan/Autoit.dt
TrendMicro 	8.700.0.1004 	2008.10.07 	WORM_AUTORUN.AB
VBA32 	3.12.8.6 	2008.10.07 	Worm.Win32.AutoIt.cg
ViRobot 	2008.10.7.1410 	2008.10.07 	-
VirusBuster 	4.5.11.0 	2008.10.07 	-
Дополнительная информация
File size: 453700 bytes
MD5...: ff595c6c3298c332f15c9c321a5ec37b
SHA1..: 9f6efc8b0e00a37c2c7149a6e6de773cb46ee98e

Код:

AhnLab-V3	2008.10.3.2	2008.10.07	Win-Trojan/MalPacked.Gen
AntiVir	7.8.1.34	2008.10.07	TR/Crypt.NSPM.Gen
Authentium	5.1.0.4	2008.10.07	W32/Worm.MUG
Avast	4.8.1248.0	2008.10.07	Win32:Oliga
AVG	8.0.0.161	2008.10.07	Generic9.ARIT
BitDefender	7.2	2008.10.07	Packer.Malware.NSAnti.1
CAT-QuickHeal	9.50	2008.10.07	Win32.Packed.NSAnti.r
ClamAV	0.93.1	2008.10.07	-
DrWeb	4.44.0.09170	2008.10.07	Trojan.PWS.Wsgame.2721
eSafe	7.0.17.0	2008.10.07	Suspicious File
eTrust-Vet	31.6.6133	2008.10.07	-
Ewido	4.0	2008.10.07	Worm.AutoRun.bvo
F-Prot	4.4.4.56	2008.10.06	W32/Worm.MUG
F-Secure	8.0.14332.0	2008.10.07	Worm.Win32.AutoRun.bvo
Fortinet	3.113.0.0	2008.10.07	W32/OnLineGames.fam!tr.pws
GData	19	2008.10.07	Packer.Malware.NSAnti.1
Ikarus	T3.1.1.34.0	2008.10.07	Worm.Win32.AutoRun.bvo
K7AntiVirus	7.10.487	2008.10.07	Worm.Win32.AutoRun.bvo
Kaspersky	7.0.0.125	2008.10.07	Worm.Win32.AutoRun.bvo
McAfee	5399	2008.10.07	PWS-Gamania.gen.a
Microsoft	1.4005	2008.10.07	Worm:Win32/Taterf.gen!D
NOD32	3501	2008.10.07	Win32/Pacex.Gen
Norman	5.80.02	2008.10.06	W32/Smalltroj.CIRQ
Panda	9.0.0.4	2008.10.07	Suspicious file
PCTools	4.4.2.0	2008.10.07	Trojan.Lineage.Gen!Pac.3
Prevx1	V2	2008.10.07	Malicious Software
Rising	20.65.12.00	2008.10.07	Packer.Win32.Mian007.a
SecureWeb-Gateway	6.7.6	2008.10.07	Trojan.Crypt.NSPM.Gen
Sophos	4.34.0	2008.10.07	Mal/EncPk-CE
Sunbelt	3.1.1708.1	2008.10.07	-
Symantec	10	2008.10.07	Infostealer.Gampass
TheHacker	6.3.1.0.102	2008.10.07	W32/AutoRun.bvo
TrendMicro	8.700.0.1004	2008.10.07	Mal_NSAnti-1
VBA32	3.12.8.6	2008.10.07	Malware-Cryptor.Win32.NSAnti
ViRobot	2008.10.7.1410	2008.10.07	Trojan.Win32.Amvo.Gen
VirusBuster	4.5.11.0	2008.10.07	Trojan.Onlinegames.Gen!Pac.73
Дополнительная информация
File size: 146493 bytes
MD5...: c6d471b11fd3a0ca583bc897c816ee7d
SHA1..: 2dc510ab29660757a5d60a257409a9310c1132b8

Код:

AhnLab-V3 	2008.10.3.2 	2008.10.07 	Win32/Autorun.worm.123873
AntiVir 	7.8.1.34 	2008.10.07 	TR/Crypt.NSPM.Gen
Authentium 	5.1.0.4 	2008.10.07 	W32/Pws.AAFV
Avast 	4.8.1248.0 	2008.10.07 	Win32:Oliga
AVG 	8.0.0.161 	2008.10.07 	PSW.OnlineGames.XJJ
BitDefender 	7.2 	2008.10.07 	Packer.Malware.NSAnti.1
CAT-QuickHeal 	9.50 	2008.10.07 	Win32.Packed.NSAnti.r
ClamAV 	0.93.1 	2008.10.07 	Trojan.Agent-10379
DrWeb 	4.44.0.09170 	2008.10.07 	Trojan.PWS.Wsgame.2387
eSafe 	7.0.17.0 	2008.10.07 	Suspicious File
eTrust-Vet 	31.6.6133 	2008.10.07 	Win32/Frethog.ATP
Ewido 	4.0 	2008.10.07 	Trojan.OnLineGames.lfi
F-Prot 	4.4.4.56 	2008.10.06 	W32/Pws.AAFV
F-Secure 	8.0.14332.0 	2008.10.07 	Trojan-GameThief.Win32.OnLineGames.lfi
Fortinet 	3.113.0.0 	2008.10.07 	W32/OnLineGames.fam!tr.pws
GData 	19 	2008.10.07 	Packer.Malware.NSAnti.1
Ikarus 	T3.1.1.34.0 	2008.10.07 	Trojan-GameThief.Win32.OnLineGames.lfi
K7AntiVirus 	7.10.487 	2008.10.07 	Trojan-PSW.Win32.OnLineGames.lfi
Kaspersky 	7.0.0.125 	2008.10.07 	Trojan-GameThief.Win32.OnLineGames.lfi
McAfee 	5399 	2008.10.07 	PWS-Gamania.gen.a
Microsoft 	1.4005 	2008.10.07 	PWS:Win32/Frethog.D
NOD32 	3501 	2008.10.07 	Win32/Pacex.Gen
Norman 	5.80.02 	2008.10.06 	W32/NSAnti.EKS
Panda 	9.0.0.4 	2008.10.07 	W32/Lineage.GQY.worm
PCTools 	4.4.2.0 	2008.10.07 	Trojan.PWS.OnLineGames.COB
Prevx1 	V2 	2008.10.07 	Cloaked Malware
Rising 	20.65.12.00 	2008.10.07 	Packer.Win32.Mian007.a
SecureWeb-Gateway 	6.7.6 	2008.10.07 	Trojan.Crypt.NSPM.Gen
Sophos 	4.34.0 	2008.10.07 	Troj/OnLineG-AJ
Sunbelt 	3.1.1708.1 	2008.10.07 	Trojan-PSW.Win32.OnLineGames.lfi
Symantec 	10 	2008.10.07 	W32.Gammima.AG
TheHacker 	6.3.1.0.102 	2008.10.07 	Trojan/PSW.OnLineGames.lfi
TrendMicro 	8.700.0.1004 	2008.10.07 	Mal_NSAnti-1
VBA32 	3.12.8.6 	2008.10.07 	Malware-Cryptor.Win32.NSAnti
ViRobot 	2008.10.7.1410 	2008.10.07 	Trojan.Win32.Amvo.Gen
VirusBuster 	4.5.11.0 	2008.10.07 	Trojan.PWS.OnLineGames.COB
Дополнительная информация
File size: 123873 bytes
MD5...: 0083adff7ea4534e61ab4629778ff917
SHA1..: 215d5eef0353b9f8fff9d0f0ceb71ba5059a193b

[senyak]

Файл help.exe получен 2008.10.09 21:46:20 (CET)
Текущий статус: закончено
Результат: 15/36 (41.67%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 TR/Crypt.CFI.Gen
Authentium 5.1.0.4 2008.10.09 W32/Vaklik.gen
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 Win32/Heur
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 Suspicious File
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.08 W32/Vaklik.gen
F-Secure 8.0.14332.0 2008.10.09 -
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.09 -
Ikarus T3.1.1.34.0 2008.10.09 PWS.Win32.OnLineGames.ER
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5402 2008.10.09 -
Microsoft 1.4005 2008.10.09 PWS:Win32/OnLineGames.ER
NOD32 3507 2008.10.09 -
Norman 5.80.02 2008.10.09 -
Panda 9.0.0.4 2008.10.09 Suspicious file
PCTools 4.4.2.0 2008.10.09 Trojan.Peed.Gen!Pac
Prevx1 V2 2008.10.09 -
Rising 20.65.32.00 2008.10.09 Packer.Win32.Agent.f
SecureWeb-Gateway 6.7.6 2008.10.09 Trojan.Crypt.CFI.Gen
Sophos 4.34.0 2008.10.09 Sus/UnkPacker
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.09 PAK_Generic.001
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 Trojan.Peed.Gen!Pac

Дополнительная информация
File size: 109056 bytes
MD5...: bd6a45a2f84ab7790c15ffb8dfbdfea7
SHA1..: dff64ccbe2a37d64567452f5f907453359580e73
SHA256: 695d80f57e2f1077406e3ee7c149db3cb3da78d4372878ebc8 a14f851c6239f4
SHA512: 22d3db48eb8a5be866140947b9a93ce2652b9051f80a1ed1d6 5c2de04dc8e43d
f389fd793324d53e10d0c64a88113f4c18564e168e4c3ad7ac 7923b9a44727b3
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

[senyak]

Файл autorun.rar получен 2008.10.12 17:38:27 (CET)
Текущий статус: закончено
Результат: 16/36 (44.45%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.11 TR/Spy.188
Authentium 5.1.0.4 2008.10.11 IS/Autorun
Avast 4.8.1248.0 2008.10.11 VBS:Malware-gen
AVG 8.0.0.161 2008.10.12 -
BitDefender 7.2 2008.10.12 -
CAT-QuickHeal 9.50 2008.10.11 -
ClamAV 0.93.1 2008.10.12 -
DrWeb 4.44.0.09170 2008.10.12 -
eSafe 7.0.17.0 2008.10.12 -
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.11 IS/Autorun
F-Secure 8.0.14332.0 2008.10.12 BAT/AutoRun.AE
Fortinet 3.113.0.0 2008.10.12 -
GData 19 2008.10.12 VBS:Malware-gen
Ikarus T3.1.1.34.0 2008.10.12 Worm.Win32.Autorun
K7AntiVirus 7.10.491 2008.10.11 -
Kaspersky 7.0.0.125 2008.10.12 -
McAfee 5403 2008.10.11 Generic!atr
Microsoft 1.4005 2008.10.12 Worm:Win32/Autorun!inf
NOD32 3515 2008.10.11 INF/Autorun.gen
Norman 5.80.02 2008.10.10 BAT/AutoRun.AE
Panda 9.0.0.4 2008.10.12 -
PCTools 4.4.2.0 2008.10.12 INF.Autorun.Gen
Prevx1 V2 2008.10.12 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.11 Trojan.Spy.188
Sophos 4.34.0 2008.10.12 -
Sunbelt 3.1.1716.1 2008.10.12 INF.Autorun (v)
Symantec 10 2008.10.12 -
TheHacker 6.3.1.0.108 2008.10.11 -
TrendMicro 8.700.0.1004 2008.10.10 Mal_Otorun1
VBA32 3.12.8.6 2008.10.12 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.11 INF.Autorun.Gen

Дополнительная информация
File size: 174 bytes
MD5...: bbea1b3c03c81e22cd32f2295661b111
SHA1..: 022337eab889151469fa4cae0cb2363503479b67
SHA256: 370293e38ebf01ca32e523296320b923f57c51fd5d20347a1e 4278a86b59b4fe
SHA512: 9186dbf590db0bcdadc74de3804dbdcce93435f42641d2e9c8 f8abb40d777e73
39ad83bc364963443fb9ed529c2068d425f89ce7de8094799e 8cad92082cdf3c
PEiD..: -

[ISO]

Файл boot.exe получен 2008.10.13 06:27:34 (CET)

Результат: 21/36 (58.34%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.12 Worm/Autorun.okh
Authentium 5.1.0.4 2008.10.12 -
Avast 4.8.1248.0 2008.10.12 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.12 Worm/Generic.KLL
BitDefender 7.2 2008.10.13 BehavesLike:Trojan.StartPage
CAT-QuickHeal 9.50 2008.10.13 Worm.AutoRun.okh
ClamAV 0.93.1 2008.10.13 -
DrWeb 4.44.0.09170 2008.10.13 -
eSafe 7.0.17.0 2008.10.12 Win32.AutoRun.okh
eTrust-Vet 31.6.6141 2008.10.10 -
Ewido 4.0 2008.10.12 -
F-Prot 4.4.4.56 2008.10.12 -
F-Secure 8.0.14332.0 2008.10.13 Worm.Win32.AutoRun.okh
Fortinet 3.113.0.0 2008.10.13 W32/AutoRun.OKH!worm
GData 19 2008.10.13 Win32:Trojan-gen {Other}
Ikarus T3.1.1.34.0 2008.10.13 BehavesLike.Trojan.StartPage
K7AntiVirus 7.10.491 2008.10.11 Worm.Win32.AutoRun.okh
Kaspersky 7.0.0.125 2008.10.13 Worm.Win32.AutoRun.okh
McAfee 5403 2008.10.11 W32/Autorun.worm.gen
Microsoft 1.4005 2008.10.13 -
NOD32 3516 2008.10.13 probably a variant of Win32/Autorun
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.12 Suspicious file
PCTools 4.4.2.0 2008.10.12 -
Prevx1 V2 2008.10.13 Suspicious
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.12 Worm.Autorun.okh
Sophos 4.34.0 2008.10.13 Mal/Generic-A
Sunbelt 3.1.1719.1 2008.10.13 Worm.Win32.AutoRun.okh
Symantec 10 2008.10.13 -
TheHacker 6.3.1.0.108 2008.10.11 -
TrendMicro 8.700.0.1004 2008.10.13 Mal_Otorun5
VBA32 3.12.8.6 2008.10.12 Worm.Win32.AutoRun.okh
ViRobot 2008.10.13.1417 2008.10.13 -
VirusBuster 4.5.11.0 2008.10.12 -

Дополнительная информация
File size: 117761 bytes
MD5...: 75d3872c7e449855fc4dbe407bdceffc
SHA1..: b5be09cdd1b7e8db62f874400fcf02f86500f52f
SHA256: 2d1b60486680d049a77458d9d036a26f4625a2d9a544ccacfb 0f86f79c2e629d
SHA512: b798e91cceb3948f3c3cd35cceb1ca4ba7c1cfd030fbec28dd 2a541108ec4425
1765087b88779b40193ce0f61520628724ea64688b4bb6565d 0fba5b2926c2c6
PEiD..: -
TrID..: File type identification
Win32 Executable Borland Delphi 7 (96.7%)
Win32 Executable Generic (1.2%)
Win32 Dynamic Link Library (generic) (1.0%)
Win16/32 Executable Delphi generic (0.2%)
Generic Win/DOS Executable (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4188b4
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x17a60 0x17c00 6.49 f2e496fc2a7dc7cfe4cfcc53737813e9
DATA 0x19000 0x650 0x800 3.58 204bdd3daa82e55fa976a9c708641ee5
BSS 0x1a000 0x8c1 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1b000 0xd44 0xe00 4.68 7aa70f45f35a138db5514811a26e7122
.tls 0x1c000 0xc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x1d000 0x18 0x200 0.20 f93f0f5e58a36c4601c1e6f1a813a836
.reloc 0x1e000 0x1d94 0x1e00 6.65 94bd2f5df3ec3bd3c5d5b64522152d5d
.rsrc 0x20000 0x1600 0x1600 3.46 5fa31beca58c61517faf7e9e8c842456

[Hanson]

C:\Documents and Settings\Tatyana\рабочий стол\ieupdr2.exe

Файл avz00002.dta получен 2008.10.15 12:55:07 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 13/36 (36.12%)

Код:

Антивирус  	Версия  	Обновление  	Результат
AhnLab-V3	2008.10.15.2	2008.10.15	-
AntiVir	     7.8.1.34	2008.10.15	-
Authentium	5.1.0.4	2008.10.15	-
Avast 	4.8.1248.0	2008.10.15	-
AVG	        8.0.0.161	2008.10.15	-
BitDefender	7.2	2008.10.15	-
CAT-QuickHeal	9.50	2008.10.14	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.10.15	Trojan.OnlineGames-1517
DrWeb	4.44.0.09170	2008.10.15	-
eSafe	7.0.17.0	2008.10.15	Suspicious File
eTrust-Vet	31.6.6147	2008.10.14	-
Ewido	4.0	2008.10.14	-
F-Prot	4.4.4.56	2008.10.14	-
F-Secure	8.0.14332.0	2008.10.15	W32/Packed/FSG_2.A
Fortinet	3.113.0.0	2008.10.15	-
GData	19	2008.10.15	-
Ikarus	T3.1.1.34.0	2008.10.15	-
K7AntiVirus	7.10.493	2008.10.14	-
Kaspersky	7.0.0.125	2008.10.15	-
McAfee	5405	2008.10.14	-
Microsoft	1.4005	2008.10.15	-
NOD32	3522	2008.10.14	-
Norman	5.80.02	2008.10.14	W32/Packed_FSG.D
Panda	9.0.0.4	2008.10.14	Suspicious file
PCTools	4.4.2.0	2008.10.14	Packed/FSG
Prevx1	V2	2008.10.15	Malicious Software
Rising	20.66.22.00	2008.10.15	-
SecureWeb-Gateway	6.7.6	2008.10.15	Win32.Malware.gen#FSG (suspicious)
Sophos	4.34.0	2008.10.15	Sus/UnkPacker
Sunbelt	3.1.1725.1	2008.10.15	Trojan.Win32.Packed.gen (v)
Symantec	10	2008.10.15	-
TheHacker	6.3.1.0.112	2008.10.15	-
TrendMicro	8.700.0.1004	2008.10.15	Cryp_Bits
VBA32	3.12.8.6	2008.10.14	-
ViRobot	2008.10.15.1421	2008.10.15	-
VirusBuster	4.5.11.0	2008.10.14	Packed/FSG

Дополнительная информация
File size: 773 bytes
MD5...: c2b15a4f78906fee29b46670ebe2a909
SHA1..: a638458fd35147f1361d9f7d6b564af0bc3882fe
SHA256: 72eb91ccc610da4d98c2e9f8c26e6d911e90119ddd61cbf59e 3d0c935f782e60
SHA512: bee0679f40d52fcbb429937cd081947ed2a2bd416583b200a2 cea76816f9413a
2c9e2a09ba16d44d8a2af4429643270b51a4920d13fe8d3bb3 925749ef8212b9
PEiD..: FSG v2.0 -> bart/xt
TrID..: File type identification
Generic Win/DOS Executable (49.8%)
DOS Executable Generic (49.8%)
Targa bitmap (Original TGA Format) (0.1%)
MS Flight Simulator Aircraft Performance Info (0.0%)