Исследование антивирусов 6

**rubin** · 25.12.2007, 16:55

vhosts.exe

Код:

AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.24	-
AVG	7.5.0.516	2007.12.25	-
BitDefender	7.2	2007.12.25	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.25	-
DrWeb	4.44.0.09170	2007.12.25	-
eSafe	7.0.15.0	2007.12.24	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	-
FileAdvisor	1	2007.12.25	-
Fortinet	3.14.0.0	2007.12.25	-
F-Prot	4.4.2.54	2007.12.25	-
F-Secure	6.70.13030.0	2007.12.25	-
Ikarus	T3.1.1.15	2007.12.25	-
Kaspersky	7.0.0.125	2007.12.25	-
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.25	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.25	Suspicious file
Prevx1	V2	2007.12.25	-
Rising	20.24.12.00	2007.12.25	-
Sophos	4.24.0	2007.12.25	Mal/Basine-C
Sunbelt	2.2.907.0	2007.12.21	-
Symantec	10	2007.12.25	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	-
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.25	Trojan.Crypt.XPACK.Gen

File size: 20480 bytes
MD5: 3f6a0b6f22e6b87ef817638789b46c0b
SHA1: ba8a1503089e8c0489b4beb52b160b11c05b15f4

avz00002.dta

Код:

AhnLab-V3	2007.12.25.10	2007.12.24	-
AntiVir	7.6.0.46	2007.12.25	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2007.12.25	-
Avast	4.7.1098.0	2007.12.24	-
AVG	7.5.0.516	2007.12.25	-
BitDefender	7.2	2007.12.25	-
CAT-QuickHeal	9.00	2007.12.25	-
ClamAV	0.91.2	2007.12.25	-
DrWeb	4.44.0.09170	2007.12.25	Trojan.Proxy.2240
eSafe	7.0.15.0	2007.12.24	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.25	Downloader.Small.fah
FileAdvisor	1	2007.12.25	-
Fortinet	3.14.0.0	2007.12.25	-
F-Prot	4.4.2.54	2007.12.25	-
F-Secure	6.70.13030.0	2007.12.25	-
Ikarus	T3.1.1.15	2007.12.25	-
Kaspersky	7.0.0.125	2007.12.25	-
McAfee	5192	2007.12.24	-
Microsoft	1.3109	2007.12.25	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.24	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.25	-
Rising	20.24.12.00	2007.12.25	-
Sophos	4.24.0	2007.12.25	-
Sunbelt	2.2.907.0	2007.12.21	VIPRE.Suspicious
Symantec	10	2007.12.25	-
TheHacker	6.2.9.168	2007.12.22	-
VBA32	3.12.2.5	2007.12.24	suspected of Trojan-PSW.Pinch.35 (paranoid heuristics)
VirusBuster	4.3.26:9	2007.12.24	-
Webwasher-Gateway	6.6.2	2007.12.25	Trojan.Crypt.XPACK.Gen

File size: 16896 bytes
MD5: f75864554cb100786170999c4dffc115
SHA1: 752d20a5a147e50b46dd69b76a80e94d05159be4

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**ALEX(XX)** · 25.12.2007, 20:26

File sysfope.exe received on 12.25.2007 18

39 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.25.10;2007.12.24;-
AntiVir;7.6.0.46;2007.12.25;TR/Crypt.ULPM.Gen
Authentium;4.93.8;2007.12.25;-
Avast;4.7.1098.0;2007.12.25;Win32:Agent-PBQ
AVG;7.5.0.516;2007.12.25;-
BitDefender;7.2;2007.12.25;-
CAT-QuickHeal;9.00;2007.12.25;(Suspicious) - DNAScan
ClamAV;0.91.2;2007.12.25;-
DrWeb;4.44.0.09170;2007.12.25;Trojan.DownLoader.38 353
eSafe;7.0.15.0;2007.12.25;suspicious Trojan/Worm
eTrust-Vet;31.3.5400;2007.12.24;-
Ewido;4.0;2007.12.25;-
FileAdvisor;1;2007.12.25;-
Fortinet;3.14.0.0;2007.12.25;-
F-Prot;4.4.2.54;2007.12.25;W32/Heuristic-KPP!Eldorado
F-Secure;6.70.13030.0;2007.12.25;-
Ikarus;T3.1.1.15;2007.12.25;-
Kaspersky;7.0.0.125;2007.12.25;not-a-virus:AdWare.Win32.Agent.yz
McAfee;5192;2007.12.24;-
Microsoft;1.3109;2007.12.25;Trojan:Win32/AgentBypass.gen!K
NOD32v2;2747;2007.12.25;-
Norman;5.80.02;2007.12.24;-
Panda;9.0.0.4;2007.12.25;Suspicious file
Prevx1;V2;2007.12.25;Generic.Malware
Rising;20.24.12.00;2007.12.25;-
Sophos;4.24.0;2007.12.25;-
Sunbelt;2.2.907.0;2007.12.21;VIPRE.Suspicious
Symantec;10;2007.12.25;-
TheHacker;6.2.9.168;2007.12.22;-
VBA32;3.12.2.5;2007.12.24;-
VirusBuster;4.3.26:9;2007.12.25;-
Webwasher-Gateway;6.6.2;2007.12.25;Trojan.Crypt.ULPM.Gen

Additional information
File size: 34049 bytes
MD5: 0639ebdcda125a88685314262d817f8a
SHA1: f3d51361257b93db898a8f819653081b7ce369cf
PEiD: RCryptor v1.5 --> Vaska
packers: UPX
packers: UPX
packers: SuperCrypt, PE_Patch.UPX, UPX, UPX, PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramte...1844009E3A294A
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**ZhIV** · 26.12.2007, 06:25

Файл opr02TF4.htm получен 2007.12.26 04:02:54 (CET)

AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 VBS.PackFor
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 DoS.JS.Dframe.n
Ikarus T3.1.1.15 2007.12.26 -
Kaspersky 7.0.0.125 2007.12.26 DoS.JS.Dframe.n
McAfee 5192 2007.12.24 Exploit-IFrame
Microsoft 1.3109 2007.12.26 DoS:JS/Dframe.gen
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 W32/Dowlod.A
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Troj/Pintadd-A
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.25 -
Дополнительная информация
File size: 35862 bytes
MD5: 4c03044564b1a19743b16341be25f583
SHA1: a0f5e06399f4899ec3e20cf086d232ead442e0c4
PEiD: -

Файл opr02TFK.htm получен 2007.12.26 04:08:36 (CET)
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 VBS.PackFor
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 -
Ikarus T3.1.1.15 2007.12.26 -
Kaspersky 7.0.0.125 2007.12.26 -
McAfee 5192 2007.12.24 Exploit-IFrame
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Troj/Pintadd-A
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Дополнительная информация
File size: 67463 bytes
MD5: ec217fa712390258690ffa3ba97f41e4
SHA1: ce0b0e06cf70c2654ca0580b74ac627919acd327
PEiD: -

Файл opr02UM9.htm получен 2007.12.26 04:09:04 (CET)
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 Trojan.Downloader.Js.Agent.KV
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 Trojan.DownLoader.28150
eSafe 7.0.15.0 2007.12.25 JS.Iframe.cv
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.JS.Agent.kv
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.JS.Agent.kv
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.JS.Agent.kv
McAfee 5192 2007.12.24 Exploit-IFrame
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Дополнительная информация
File size: 12753 bytes
MD5: 5e9f555d80e10568d2dc561d7033c6e2
SHA1: 10f2687c222d366086a8c236ac68ab67d7fb92bb
PEiD: -

Файл opr03KWH.htm получен 2007.12.26 04:09:18 (CET)
AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 HTML/Rce.Gen
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 JS/Downloader.Agent
BitDefender 7.2 2007.12.26 Exploit.AdodbStream.J
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.25 VBS.PackFor
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 JS/WebAttacker!exploit
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 JS/Laume.gen2
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.JS.Psyme.hu
Kaspersky 7.0.0.125 2007.12.26 -
McAfee 5192 2007.12.24 JS/Downloader-AUD
Microsoft 1.3109 2007.12.26 TrojanDownloader:JS/Psyme.gen
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 JS/Laume.gen2
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Mal/ObfJS-A
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 Downloader
TheHacker 6.2.9.168 2007.12.22 Trojan/Downloader.vbs
VBA32 3.12.2.5 2007.12.24 -
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 Script.Rce.Gen
Дополнительная информация
File size: 507 bytes
MD5: 969a819391719993899c36f0ab1b921f
SHA1: 0f9d6e1200e22427cc1b8d7f215e6cf8de6e36d5
PEiD: -
packers: Crypt.DCScript

Добавлено через 4 минуты

Файл opr03NVL.htm получен 2007.12.26 04:10:43 (CET)

AhnLab-V3 2007.12.25.10 2007.12.24 -
AntiVir 7.6.0.46 2007.12.25 -
Authentium 4.93.8 2007.12.25 -
Avast 4.7.1098.0 2007.12.25 -
AVG 7.5.0.516 2007.12.25 -
BitDefender 7.2 2007.12.26 Trojan.Downloader.Js.Psyme.O
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 JS.Small
DrWeb 4.44.0.09170 2007.12.25 VBS.Psyme.377
eSafe 7.0.15.0 2007.12.25 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.25 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 JS/Inor.A!tr.dldr
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.JS.Small.ih
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.JS.Inor.A
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.JS.Small.ih
McAfee 5192 2007.12.24 JS/Wonka
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.24 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.12.00 2007.12.25 -
Sophos 4.24.0 2007.12.26 Mal/ObfJS-H
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.24 Trojan-Downloader.JS.Psyme.cv
VirusBuster 4.3.26:9 2007.12.25 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Дополнительная информация
File size: 18502 bytes
MD5: d558d4e52ca3393ae521632262337912
SHA1: 032f4109040572877ab7a8d77f38cbafeb35b697
PEiD: -

**strawser** · 26.12.2007, 19:42

Сообщение от Shu_b

ps. если не трудно, зашлите по ссылке (в zip'e, с паролем virus) - http://virusinfo.info/upload_virus.php?tid=12941

Выслал.

Добавлено через 21 минуту

symantec ??

File 43.rar received on 12.26.2007 17:32:26 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.27.10 2007.12.26 -
AntiVir 7.6.0.46 2007.12.26 TR/Dldr.Agent.dow
Authentium 4.93.8 2007.12.26 -
Avast 4.7.1098.0 2007.12.26 Win32:Agent-MHD
AVG 7.5.0.516 2007.12.25 Agent.LOH
BitDefender 7.2 2007.12.26 Generic.NPop.84CDBBCB
CAT-QuickHeal 9.00 2007.12.25 Trojan.Agent.app
ClamAV 0.91.2 2007.12.26 Trojan.Downloader.Agent-1278
DrWeb 4.44.0.09170 2007.12.26 Trojan.DownLoader.36243
eSafe 7.0.15.0 2007.12.25 Win32.Agent.app
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.26 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 W32/Agent.GBH!tr
F-Prot 4.4.2.54 2007.12.25 W32/VCtroj.A.gen!Eldorado
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.Win32.Agent.gbh
Ikarus T3.1.1.15 2007.12.26 Trojan.Win32.Agent.app
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.Win32.Agent.gbh
McAfee 5192 2007.12.24 Generic Downloader.p
Microsoft 1.3109 2007.12.26 Trojan:Win32/Agent.APP
NOD32v2 2747 2007.12.25 Win32/Agent.NNA
Norman 5.80.02 2007.12.26 -
Panda 9.0.0.4 2007.12.25 Trj/Downloader.QKJ
Prevx1 V2 2007.12.26 SystemPoser:Trojan-b
Rising 20.24.21.00 2007.12.26 Trojan.DL.Win32.Agent.zkj
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 Trojan.Win32.Agent.app
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.26 Trojan.Win32.Agent.app
VirusBuster 4.3.26:9 2007.12.26 Trojan.Gretus.Gen!Pac
Webwasher-Gateway 6.6.2 2007.12.26 Trojan.Dldr.Agent.dow
Additional information
File size: 27469 bytes
MD5: 8a22d6c8a332be275d082e755fd7ae0c
SHA1: 956ab2106bb1fd18248429d9169a6433f1e52275
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...355900D01AA827

File Trojan_DownloaderWMA.rar received on 12.26.2007 19:18:02 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.27.10 2007.12.26 -
AntiVir 7.6.0.46 2007.12.26 -
Authentium 4.93.8 2007.12.26 -
Avast 4.7.1098.0 2007.12.26 -
AVG 7.5.0.516 2007.12.26 -
BitDefender 7.2 2007.12.26 -
CAT-QuickHeal 9.00 2007.12.25 -
ClamAV 0.91.2 2007.12.26 -
DrWeb 4.44.0.09170 2007.12.26 -
eSafe 7.0.15.0 2007.12.26 -
eTrust-Vet 31.3.5400 2007.12.24 -
Ewido 4.0 2007.12.26 -
FileAdvisor 1 2007.12.26 -
Fortinet 3.14.0.0 2007.12.26 -
F-Prot 4.4.2.54 2007.12.25 -
F-Secure 6.70.13030.0 2007.12.26 Trojan-Downloader.WMA.Wimad.l
Ikarus T3.1.1.15 2007.12.26 Trojan-Downloader.WMA.Wimad.l
Kaspersky 7.0.0.125 2007.12.26 Trojan-Downloader.WMA.Wimad.l
McAfee 5192 2007.12.24 -
Microsoft 1.3109 2007.12.26 -
NOD32v2 2747 2007.12.25 -
Norman 5.80.02 2007.12.26 -
Panda 9.0.0.4 2007.12.25 -
Prevx1 V2 2007.12.26 -
Rising 20.24.21.00 2007.12.26 -
Sophos 4.24.0 2007.12.26 -
Sunbelt 2.2.907.0 2007.12.21 -
Symantec 10 2007.12.26 -
TheHacker 6.2.9.168 2007.12.22 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.26 -
Webwasher-Gateway 6.6.2 2007.12.26 -
Additional information
File size: 333266 bytes
MD5: 3c9f2cfeb66f87e40aae6aba6fe0fd39
SHA1: 913429c10f23984dd014a049f507ec10e5b99cf4
PEiD: -

XL · 26.12.2007, 22:14

Свежий шторм:

Код:

Файл happy-2008.exe получен 2007.12.26 19:54:10 (CET)

AhnLab-V3	2007.12.27.10	2007.12.26	-
AntiVir	7.6.0.46	2007.12.26	HEUR/Crypted
Authentium	4.93.8	2007.12.26	-
Avast	4.7.1098.0	2007.12.26	Win32:DNSChanger-HI
AVG	7.5.0.516	2007.12.26	-
BitDefender	7.2	2007.12.26	-
CAT-QuickHeal	9.00	2007.12.26	-
ClamAV	0.91.2	2007.12.26	-
DrWeb	4.44.0.09170	2007.12.26	-
eSafe	7.0.15.0	2007.12.26	-
eTrust-Vet	31.3.5400	2007.12.24	-
Ewido	4.0	2007.12.26	-
FileAdvisor	1	2007.12.26	-
Fortinet	3.14.0.0	2007.12.26	-
F-Prot	4.4.2.54	2007.12.25	-
F-Secure	6.70.13030.0	2007.12.26	-
Ikarus	T3.1.1.15	2007.12.26	-
Kaspersky	7.0.0.125	2007.12.26	-
McAfee	5193	2007.12.26	-
Microsoft	1.3109	2007.12.26	-
NOD32v2	2747	2007.12.25	-
Norman	5.80.02	2007.12.26	-
Panda	9.0.0.4	2007.12.25	-
Prevx1	V2	2007.12.26	Heuristic: Suspicious File With Bad Child Associations
Rising	20.24.21.00	2007.12.26	-
Sophos	4.24.0	2007.12.26	-
Sunbelt	2.2.907.0	2007.12.21	VIPRE.Suspicious
Symantec	10	2007.12.26	-
TheHacker	6.2.9.169	2007.12.26	-
VBA32	3.12.2.5	2007.12.26	-
VirusBuster	4.3.26:9	2007.12.26	-
Webwasher-Gateway	6.6.2	2007.12.26	Heuristic.Crypted
Дополнительная информация
File size: 152064 bytes
MD5: 5c1d151eb4bfc5bf29ed0a02059c08bc
SHA1: f09434c0562f35071844d2a9606f431682f52511

**ALEX(XX)** · 28.12.2007, 13:17

File loader.exe received on 12.27.2007 2145 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.12.28.10 2007.12.27 -
AntiVir 7.6.0.46 2007.12.27 -
Authentium 4.93.8 2007.12.27 -
Avast 4.7.1098.0 2007.12.27 -
AVG 7.5.0.516 2007.12.27 Generic9.AIKU
BitDefender 7.2 2007.12.27 Trojan.Agent.Small.SVO
CAT-QuickHeal 9.00 2007.12.27 -
ClamAV 0.91.2 2007.12.27 -
DrWeb 4.44.0.09170 2007.12.27 -
eSafe 7.0.15.0 2007.12.27 -
eTrust-Vet 31.3.5406 2007.12.27 Win32/Chepvil!generic
Ewido 4.0 2007.12.27 -
FileAdvisor 1 2007.12.27 -
Fortinet 3.14.0.0 2007.12.27 -
F-Prot 4.4.2.54 2007.12.26 -
F-Secure 6.70.13030.0 2007.12.27 W32/Malware
Ikarus T3.1.1.15 2007.12.27 -
Kaspersky 7.0.0.125 2007.12.27 -
McAfee 5194 2007.12.27 -
Microsoft 1.3109 2007.12.27 -
NOD32v2 2751 2007.12.27 -
Norman 5.80.02 2007.12.27 W32/Malware
Panda 9.0.0.4 2007.12.27 -
Prevx1 V2 2007.12.27 -
Rising 20.24.32.00 2007.12.27 -
Sophos 4.24.0 2007.12.27 -
Sunbelt 2.2.907.0 2007.12.27 -
Symantec 10 2007.12.27 -
TheHacker 6.2.9.172 2007.12.27 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.27 -
Webwasher-Gateway 6.6.2 2007.12.27 -

Additional information
File size: 8704 bytes
MD5: 4b4bfceb4b304e2823cae013c55cca97
SHA1: db326f1ccef67ebeebb4aff07286190580e36113
PEiD: -
norman sandbox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 8704 bytes. [ Process/window information ] * Attempts to access service \"McShield\". * Disables security related services. 

Добавлено через 10 часов 10 минут

File winable.exe received on 12.28.2007 07:08:05 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.28.11;2007.12.28;Win-Trojan/Agent.61440.DB
AntiVir;7.6.0.46;2007.12.27;BDS/StarDor.A
Authentium;4.93.8;2007.12.28;-
Avast;4.7.1098.0;2007.12.27;Win32:Adloader-KY
AVG;7.5.0.516;2007.12.27;-
BitDefender;7.2;2007.12.28;-
CAT-QuickHeal;9.00;2007.12.27;TrojanDownloader.bho.gll
ClamAV;0.91.2;2007.12.27;-
DrWeb;4.44.0.09170;2007.12.27;Trojan.Stars.origin
eSafe;7.0.15.0;2007.12.27;-
eTrust-Vet;31.3.5407;2007.12.27;-
Ewido;4.0;2007.12.27;Downloader.Adload.ni
FileAdvisor;1;2007.12.28;-
Fortinet;3.14.0.0;2007.12.28;-
F-Prot;4.4.2.54;2007.12.28;-
F-Secure;6.70.13030.0;2007.12.28;-
Ikarus;T3.1.1.15;2007.12.28;-
Kaspersky;7.0.0.125;2007.12.28;-
McAfee;5194;2007.12.27;-
Microsoft;1.3109;2007.12.28;-
NOD32v2;2751;2007.12.27;-
Norman;5.80.02;2007.12.27;-
Panda;9.0.0.4;2007.12.27;-
Prevx1;V2;2007.12.28;-
Rising;20.24.32.00;2007.12.27;Trojan.Win32.Agent.z ug
Sophos;4.24.0;2007.12.28;-
Sunbelt;2.2.907.0;2007.12.28;-
Symantec;10;2007.12.28;Adware.MaxSearch
TheHacker;6.2.9.172;2007.12.27;-
VBA32;3.12.2.5;2007.12.26;-
VirusBuster;4.3.26:9;2007.12.27;-
Webwasher-Gateway;6.6.2;2007.12.28;Trojan.Backdoor.StarDor.A

Additional information
File size: 61440 bytes
MD5: 4a7b083438836184abebec212920d695
SHA1: 922d42c3b759725bacef54c24b4da0b9b4bb3503
PEiD: -

Добавлено через 3 часа 38 минут

File VideoAccessCodecInstall.exe received on 12.28.2007 11:08:55 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.28.11;2007.12.28;-
AntiVir;7.6.0.46;2007.12.28;TR/Dldr.Zlob
Authentium;4.93.8;2007.12.28;-
Avast;4.7.1098.0;2007.12.27;-
AVG;7.5.0.516;2007.12.27;Downloader.Zlob
BitDefender;7.2;2007.12.28;-
CAT-QuickHeal;9.00;2007.12.27;TrojanDownloader.Zlob.ge n
ClamAV;0.91.2;2007.12.28;Trojan.Dropper-2557
DrWeb;4.44.0.09170;2007.12.28;-
eSafe;7.0.15.0;2007.12.27;-
eTrust-Vet;31.3.5408;2007.12.28;-
Ewido;4.0;2007.12.27;-
FileAdvisor;1;2007.12.28;-
Fortinet;3.14.0.0;2007.12.28;-
F-Prot;4.4.2.54;2007.12.28;-
F-Secure;6.70.13030.0;2007.12.28;Trojan-Downloader.Win32.Zlob.fns
Ikarus;T3.1.1.15;2007.12.28;-
Kaspersky;7.0.0.125;2007.12.28;Trojan-Downloader.Win32.Zlob.fns
McAfee;5194;2007.12.27;-
Microsoft;1.3109;2007.12.28;Trojan:Win32/Tibs.gen!lds
NOD32v2;2752;2007.12.28;-
Norman;5.80.02;2007.12.27;W32/Zlob.ARDM
Panda;9.0.0.4;2007.12.27;-
Prevx1;V2;2007.12.28;-
Rising;20.24.41.00;2007.12.28;-
Sophos;4.24.0;2007.12.28;Troj/Zlobar-Fam
Sunbelt;2.2.907.0;2007.12.28;-
Symantec;10;2007.12.28;-
TheHacker;6.2.9.172;2007.12.27;Trojan/Downloader.gen
VBA32;3.12.2.5;2007.12.26;MalwareScope.Worm.Nuwar-Glowa.1
VirusBuster;4.3.26:9;2007.12.27;-
Webwasher-Gateway;6.6.2;2007.12.28;Trojan.Dldr.Zlob

Additional information
File size: 148200 bytes
MD5: 4a9828c1ef46b792f45d6358855ead27
SHA1: be7dcaed6ceb853078832d2dc6c80fc696f5bdcd
PEiD: -

**rubin** · 29.12.2007, 14:43

эвона как бывает... temp/winlogon.exe

Код:

AhnLab-V3	2007.12.29.11	2007.12.29	-
AntiVir	7.6.0.46	2007.12.28	-
Authentium	4.93.8	2007.12.29	-
Avast	4.7.1098.0	2007.12.28	-
AVG	7.5.0.516	2007.12.28	SHeur.AJLM
BitDefender	7.2	2007.12.29	-
CAT-QuickHeal	9.00	2007.12.29	-
ClamAV	0.91.2	2007.12.29	-
DrWeb	4.44.0.09170	2007.12.29	-
eSafe	7.0.15.0	2007.12.27	-
eTrust-Vet	31.3.5412	2007.12.29	-
Ewido	4.0	2007.12.29	-
FileAdvisor	1	2007.12.29	-
Fortinet	3.14.0.0	2007.12.29	-
F-Prot	4.4.2.54	2007.12.28	-
F-Secure	6.70.13030.0	2007.12.28	-
Ikarus	T3.1.1.15	2007.12.29	-
Kaspersky	7.0.0.125	2007.12.29	-
McAfee	5195	2007.12.28	-
Microsoft	1.3109	2007.12.29	-
NOD32v2	2754	2007.12.28	-
Norman	5.80.02	2007.12.28	-
Panda	9.0.0.4	2007.12.28	-
Prevx1	V2	2007.12.29	-
Rising	20.24.52.00	2007.12.29	-
Sophos	4.24.0	2007.12.29	-
Sunbelt	2.2.907.0	2007.12.28	-
Symantec	10	2007.12.29	-
TheHacker	6.2.9.174	2007.12.28	-
VBA32	3.12.2.5	2007.12.29	-
VirusBuster	4.3.26:9	2007.12.28	-
Webwasher-Gateway	6.6.2	2007.12.28	-

Дополнительная информация
File size: 33280 bytes
MD5: 16ccf9650143c6746eb39ba09489d412
SHA1: 4080c60b5b983d93c822fa0cbc04d844a54ad969

**Bratez** · 30.12.2007, 14:12

Complete scanning result of "avz00001.dta", processed in VirusTotal at 12/30/2007 12:02:21 (CET).

[ file data ]
* name: avz00001.dta
* size: 73742
* md5.: 179f70d07c604671de2741a531840e81
* sha1: 5e7827dd0db639fdada394bd1312972c530f541c
* peid..: -

[ scan result ]
AhnLab-V3 2007.12.29.11/20071229 found nothing
AntiVir 7.6.0.46/20071229 found [HEUR/Crypted]
Authentium 4.93.8/20071229 found nothing
Avast 4.7.1098.0/20071229 found nothing
AVG 7.5.0.516/20071229 found [DNSChanger.G]
BitDefender 7.2/20071230 found [Trojan.DNSChanger.RB]
CAT-QuickHeal 9.00/20071229 found [(Suspicious) - DNAScan]
ClamAV 0.91.2/20071230 found nothing
DrWeb 4.44.0.09170/20071230 found nothing
eSafe 7.0.15.0/20071227 found nothing
eTrust-Vet 31.3.5412/20071229 found nothing
Ewido 4.0/20071229 found nothing
F-Prot 4.4.2.54/20071229 found nothing
F-Secure 6.70.13030.0/20071230 found nothing
FileAdvisor 1/20071230 found nothing
Fortinet 3.14.0.0/20071230 found nothing
Ikarus T3.1.1.15/20071230 found [Trojan.DNSChanger.RB]
Kaspersky 7.0.0.125/20071230 found [Heur.Trojan.Generic]
McAfee 5195/20071228 found nothing
Microsoft 1.3109/20071230 found [Trojan:Win32/Alureon.gen!D]
NOD32v2 2755/20071229 found [Win32/TrojanDownloader.Zlob.BMQ]
Norman 5.80.02/20071228 found nothing
Panda 9.0.0.4/20071230 found nothing
Prevx1 V2/20071230 found nothing
Rising 20.24.52.00/20071229 found nothing
Sophos 4.24.0/20071230 found nothing
Sunbelt 2.2.907.0/20071230 found nothing
Symantec 10/20071230 found nothing
TheHacker 6.2.9.175/20071229 found nothing
VBA32 3.12.2.5/20071229 found nothing
VirusBuster 4.3.26:9/20071229 found nothing
Webwasher-Gateway 6.6.2/20071229 found [Heuristic.Crypted]

**strawser** · 30.12.2007, 16:36

File websitetutorial.exe received on 12.30.2007 14:25:33 (CET)

Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.29 -
Authentium 4.93.8 2007.12.29 -
Avast 4.7.1098.0 2007.12.29 -
AVG 7.5.0.516 2007.12.30 -
BitDefender 7.2 2007.12.30 -
CAT-QuickHeal 9.00 2007.12.29 -
ClamAV 0.91.2 2007.12.30 -
DrWeb 4.44.0.09170 2007.12.30 -
eSafe 7.0.15.0 2007.12.27 suspicious Trojan/Worm
eTrust-Vet 31.3.5412 2007.12.29 -
Ewido 4.0 2007.12.30 -
FileAdvisor 1 2007.12.30 -
Fortinet 3.14.0.0 2007.12.30 -
F-Prot 4.4.2.54 2007.12.29 -
F-Secure 6.70.13030.0 2007.12.30 -
Ikarus T3.1.1.15 2007.12.30 Trojan-Downloader.Win32.Banload.eta
Kaspersky 7.0.0.125 2007.12.30 -
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.30 -
NOD32v2 2755 2007.12.29 -
Norman 5.80.02 2007.12.28 W32/BHO.AMN
Panda 9.0.0.4 2007.12.30 -
Prevx1 V2 2007.12.30 Heuristic: Suspicious File With Outbound Communications
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.30 -
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2007.12.30 -
TheHacker 6.2.9.175 2007.12.29 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.29 -
Webwasher-Gateway 6.6.2 2007.12.29 -
Additional information
File size: 338164 bytes
MD5: 236882e4572d87562157798ed807eccf
SHA1: 4ade5312ae36fbc760cf4a73eae60ce099ac1209
PEiD: -
packers: UPX
packers: UPX
packers: UPX

**Shu_b** · 31.12.2007, 13:52

Ну... подведём итоги... месяца.

edit: загружены более компактные картинки.

**Surfer** · 31.12.2007, 17:35

Опять шторм, только криптованый.
Самое интересное что 8-ка каспера уже ловит его как желатин =\

Файл happy_2008.exe получен 2007.12.31 15:13:22 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 12/32 (37.5%)

Антивирус Версия Обновление Результат
AhnLab-V3 2008.1.1.10 2007.12.31 -
AntiVir 7.6.0.46 2007.12.31 TR/Crypt.XDR.Gen
Authentium 4.93.8 2007.12.30 -
Avast 4.7.1098.0 2007.12.30 Win32helatin-ASX
AVG 7.5.0.516 2007.12.31 -
BitDefender 7.2 2007.12.31 Trojan.Peed.IRS
CAT-QuickHeal 9.00 2007.12.31 -
ClamAV 0.91.2 2007.12.31 -
DrWeb 4.44.0.09170 2007.12.31 Trojan.Spambot.2559
eSafe 7.0.15.0 2007.12.30 -
eTrust-Vet 31.3.5417 2007.12.31 -
Ewido 4.0 2007.12.31 -
FileAdvisor 1 2007.12.31 -
Fortinet 3.14.0.0 2007.12.31 W32/Tibs.G@mm
F-Prot 4.4.2.54 2007.12.31 -
F-Secure 6.70.13030.0 2007.12.31 -
Ikarus T3.1.1.15 2007.12.31 -
Kaspersky 7.0.0.125 2007.12.31 -
McAfee 5195 2007.12.28 W32/Nuwar@MM
Microsoft 1.3109 2007.12.31 Backdoor:WinNT/Nuwar.B!sys
NOD32v2 2758 2007.12.31 probably a variant of Win32/Nuwar
Norman 5.80.02 2007.12.31 -
Panda 9.0.0.4 2007.12.31 Suspicious file
Prevx1 V2 2007.12.31 Stormy:Worm-All Variants
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.31 Mal/Dorf-H
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2007.12.31 -
TheHacker 6.2.9.175 2007.12.29 -
VBA32 3.12.2.5 2007.12.29 -
VirusBuster 4.3.26:9 2007.12.31 -
Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Crypt.XDR.Gen
Дополнительная информация
File size: 143873 bytes
MD5: 30196db0c6df236d32307693feb4935e
SHA1: bb34c478ab65a3418f333996568178fcdc7a6011
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...E37E00B13961EF

**mA_sat** · 01.01.2008, 16:34

Поставил Икарус себе, посмотреть как он работает

Файл Mswtif.dll получен 2007.11.05 22:24:39 (CET)

Текущий статус: закончено
Результат: 3/31 (9.68%)
Форматированные Форматированные
Печать результатов Печать результатов
Антивирус Версия Обновление Результат
AhnLab-V3 - - -
AntiVir - - -
Authentium - - Possibly a new variant of W32/CodeCru-based!Maximus
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - W32/CodeCru-based!Maximus
F-Secure - - -
Ikarus - - Trojan-Spy.Win32.Agent.rb
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Дополнительная информация
MD5: 472f3ca7b2d92bd5b3c351e101fd5451

XL · 01.01.2008, 16:56

Свежая сборка Storm:

Файл happy_2008.rar получен 2008.01.01 14:46:59 (CET)

AhnLab-V3 2008.1.1.10 2007.12.31 -
AntiVir 7.6.0.46 2007.12.31 TR/Crypt.XDR.Gen
Authentium 4.93.8 2007.12.31 -
Avast 4.7.1098.0 2007.12.31 Win32helatin-ASX
AVG 7.5.0.516 2007.12.31 -
BitDefender 7.2 2008.01.01 Trojan.Agent.AGIU
CAT-QuickHeal 9.00 2007.12.31 -
ClamAV 0.91.2 2008.01.01 Trojan.Peed-80
DrWeb 4.44.0.09170 2007.12.31 -
eSafe 7.0.15.0 2007.12.31 -
eTrust-Vet 31.3.5421 2008.01.01 -
Ewido 4.0 2007.12.31 -
FileAdvisor 1 2008.01.01 -
Fortinet 3.14.0.0 2008.01.01 -
F-Prot 4.4.2.54 2007.12.31 -
F-Secure 6.70.13030.0 2008.01.01 Tibs.BFZU
Ikarus T3.1.1.15 2008.01.01 -
Kaspersky 7.0.0.125 2008.01.01 Email-Worm.Win32.Zhelatin.qa
McAfee 5196 2007.12.31 -
Microsoft 1.3109 2008.01.01 Backdoor:Win32/Nuwar.gen!A
NOD32v2 2759 2008.01.01 a variant of Win32/Nuwar
Norman 5.80.02 2007.12.31 -
Panda 9.0.0.4 2008.01.01 Suspicious file
Prevx1 V2 2008.01.01 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2008.01.01 -
Sunbelt 2.2.907.0 2007.12.30 -
Symantec 10 2008.01.01 Trojan.Peacomm.D
TheHacker 6.2.9.176 2008.01.01 -
VBA32 3.12.2.5 2007.12.31 -
VirusBuster 4.3.26:9 2008.01.01 -
Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Crypt.XDR.Gen
Дополнительная информация
File size: 81844 bytes
MD5: 7ae43f75d7127fe35c840daf86ab7a73
SHA1: 665043076eb03db80edfa756a83739074f7b57dc

Каспер только недавно начал детектить...базы пришлось вручную обновить.

**Surfer** · 01.01.2008, 23:06

File ibho1.dll received on 01.01.2008 20:56:10 (CET)
Current status: finished

Result: 6/32 (18.75%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.1.10 2007.12.31 -
AntiVir 7.6.0.46 2007.12.31 -
Authentium 4.93.8 2007.12.31 -
Avast 4.7.1098.0 2007.12.31 -
AVG 7.5.0.516 2008.01.01 -
BitDefender 7.2 2008.01.01 Adware.Give4free.C
CAT-QuickHeal 9.00 2007.12.31 -
ClamAV 0.91.2 2008.01.01 -
DrWeb 4.44.0.09170 2007.12.31 -
eSafe 7.0.15.0 2008.01.01 -
eTrust-Vet 31.3.5421 2008.01.01 -
Ewido 4.0 2008.01.01 -
FileAdvisor 1 2008.01.01 -
Fortinet 3.14.0.0 2008.01.01 -
F-Prot 4.4.2.54 2008.01.01 -
F-Secure 6.70.13030.0 2008.01.01 -
Ikarus T3.1.1.15 2008.01.01 -
Kaspersky 7.0.0.125 2008.01.01 -
McAfee 5196 2007.12.31 potentially unwanted program Adware-Give4Free
Microsoft 1.3109 2008.01.01 Adware:Win32/Give4Free
NOD32v2 2759 2008.01.01 -
Norman 5.80.02 2007.12.31 -
Panda 9.0.0.4 2008.01.01 Generic Malware
Prevx1 V2 2008.01.01 -
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2008.01.01 -
Sunbelt 2.2.907.0 2007.12.30 Give4Free
Symantec 10 2008.01.01 -
TheHacker 6.2.9.176 2008.01.01 -
VBA32 3.12.2.5 2007.12.31 -
VirusBuster 4.3.26:9 2008.01.01 -
Webwasher-Gateway 6.6.2 2007.12.31 Trojan.Downloader.Win32.Malware.gen (suspicious)

Additional information
File size: 29696 bytes
MD5: b2e0d43ac994b95839af87587a50d9dd
SHA1: 8d49252eeafba8616c05e93274907e7c28ec9490
PEiD: -
packers: UPX
packers: UPX
packers: UPX

**strawser** · 03.01.2008, 01:39

File Crack_Windows_XP.zip received on 01.02.2008 23:22:33 (CET)
Result: 11/32 (34.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.02 TR/Dropper.Gen
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.02 Win32:Agent-KXS
AVG 7.5.0.516 2008.01.02 Dropper.Agent.DQC
BitDefender 7.2 2008.01.02 Trojan.PWS.LdPinch.BSG
CAT-QuickHeal 9.00 2008.01.02 -
ClamAV 0.91.2 2008.01.02 -
DrWeb 4.44.0.09170 2008.01.02 Trojan.MulDrop.6269
eSafe 7.0.15.0 2008.01.02 Suspicious File
eTrust-Vet 31.3.5424 2008.01.02 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.02 -
Fortinet 3.14.0.0 2008.01.02 -
F-Prot 4.4.2.54 2008.01.02 -
F-Secure 6.70.13030.0 2008.01.02 Trojan-Dropper.Win32.Agent.bib
Ikarus T3.1.1.15 2008.01.02 Trojan-Dropper.Win32.Agent.bib
Kaspersky 7.0.0.125 2008.01.02 Trojan-Dropper.Win32.Agent.bib
McAfee 5197 2008.01.02 -
Microsoft 1.3109 2008.01.02 -
NOD32v2 2761 2008.01.02 -
Norman 5.80.02 2008.01.02 -
Panda 9.0.0.4 2008.01.02 Suspicious file
Prevx1 V2 2008.01.02 -
Rising 20.25.22.00 2008.01.02 -
Sophos 4.24.0 2008.01.02 -
Sunbelt 2.2.907.0 2008.01.02 -
Symantec 10 2008.01.02 -
TheHacker 6.2.9.176 2008.01.01 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.02 -
Webwasher-Gateway 6.6.2 2008.01.02 Trojan.Dropper.Gen
Additional information
File size: 76817 bytes
MD5: 70d14dd0b905baf481453ff2001ee566
SHA1: 78fce6f9585cf29bcb8e033874e1378c14a1dbed
PEiD: -

File mvat.rar received on 01.02.2008 23:48:44 (CET)
Result: 15/32 (46.88%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.02 BDS/Pcclient.GV.183
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.02 -
AVG 7.5.0.516 2008.01.02 -
BitDefender 7.2 2008.01.02 Backdoor.Pcclient.GV
CAT-QuickHeal 9.00 2008.01.02 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.02 -
DrWeb 4.44.0.09170 2008.01.02 -
eSafe 7.0.15.0 2008.01.02 suspicious Trojan/Worm
eTrust-Vet 31.3.5424 2008.01.02 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.02 -
Fortinet 3.14.0.0 2008.01.02 PossibleThreat!024944
F-Prot 4.4.2.54 2008.01.02 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2008.01.02 -
Ikarus T3.1.1.15 2008.01.02 MalwareScope.Backdoor.Hupigon.3
Kaspersky 7.0.0.125 2008.01.02 -
McAfee 5197 2008.01.02 New Malware.aq
Microsoft 1.3109 2008.01.02 -
NOD32v2 2761 2008.01.02 -
Norman 5.80.02 2008.01.02 -
Panda 9.0.0.4 2008.01.02 Generic Malware
Prevx1 V2 2008.01.02 BACKDOOR.PCCLIENT.GV
Rising 20.25.22.00 2008.01.02 -
Sophos 4.24.0 2008.01.02 Mal/Packer
Sunbelt 2.2.907.0 2008.01.02 -
Symantec 10 2008.01.02 Backdoor.Trojan
TheHacker 6.2.9.176 2008.01.01 W32/Behav-Heuristic-063
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.02 Packed/NSPack
Webwasher-Gateway 6.6.2 2008.01.02 Trojan.Backdoor.Pcclient.GV.183
Additional information
File size: 44114 bytes
MD5: 6ee63970d8f3523c80115cbd55eaba7b
SHA1: 57c81f393055eda6db89da9e97398081701e9382
PEiD: -
packers: NSPack, PE_Patch, UPX
packers: NSPack, UPX
Prevx info: http://info.prevx.com/aboutprogramte...81510018414621

File mail.ru.games.crack.rar received on 01.03.2008 00:15:36 (CET)
Result: 13/32 (40.63%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.02 -
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.02 -
AVG 7.5.0.516 2008.01.02 Generic5.MNE
BitDefender 7.2 2008.01.02 -
CAT-QuickHeal 9.00 2008.01.02 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.02 PUA.Packed.UPack-2
DrWeb 4.44.0.09170 2008.01.02 -
eSafe 7.0.15.0 2008.01.02 Suspicious File
eTrust-Vet 31.3.5424 2008.01.02 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.02 -
F-Prot 4.4.2.54 2008.01.02 W32/Heuristic-162!Eldorado
F-Secure 6.70.13030.0 2008.01.02 -
Ikarus T3.1.1.15 2008.01.02 Trojan.Keygen.Q
Kaspersky 7.0.0.125 2008.01.02 -
McAfee 5197 2008.01.02 New Malware.aj
Microsoft 1.3109 2008.01.02 -
NOD32v2 2761 2008.01.02 -
Norman 5.80.02 2008.01.02 -
Panda 9.0.0.4 2008.01.02 -
Prevx1 V2 2008.01.03 Generic.Malware
Rising 20.25.22.00 2008.01.02 -
Sophos 4.24.0 2008.01.02 Mal/Packer
Sunbelt 2.2.907.0 2008.01.02 VIPRE.Suspicious
Symantec 10 2008.01.02 -
TheHacker 6.2.9.176 2008.01.01 W32/Behav-Heuristic-060
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.02 Packed/Upack
Webwasher-Gateway 6.0.1 2008.01.02 Win32.Malware.gen (suspicious)
Additional information
File size: 47431 bytes
MD5: 027e42801a8c06b052b246000d5d8181
SHA1: 84896e282662da0c99f10de258da036d217e1da4
PEiD: -
packers: UPack
packers: PE_Patch, UPack
Prevx info: http://info.prevx.com/aboutprogramte...DFB10012B9D722
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File Backdoor-Controller.rar received on 01.03.2008 12:31:10 (CET)
Result: 16/32 (50%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.3.10 2008.01.02 -
AntiVir 7.6.0.46 2008.01.03 BDS/Prorat.ae.23
Authentium 4.93.8 2008.01.02 is a dropper for W32/Dropper.DFP
Avast 4.7.1098.0 2008.01.03 Win32dPinch-RV
AVG 7.5.0.516 2008.01.02 PSW.Ldpinch.DQX
BitDefender 7.2 2008.01.03 Trojan.Dropper.Agent.BBA
CAT-QuickHeal 9.00 2008.01.02 -
ClamAV 0.91.2 2008.01.03 Trojan.Dropper-118
DrWeb 4.44.0.09170 2008.01.03 Trojan.MulDrop.5406
eSafe 7.0.15.0 2008.01.02 -
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.02 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 -
F-Prot 4.4.2.54 2008.01.02 W32/Dropper.DFP
F-Secure 6.70.13030.0 2008.01.03 Trojan-Dropper.Win32.Agent.bba
Ikarus T3.1.1.15 2008.01.03 Trojan-Dropper.Win32.VB.FI
Kaspersky 7.0.0.125 2008.01.03 Trojan-Dropper.Win32.Agent.bba
McAfee 5198 2008.01.03 -
Microsoft 1.3109 2008.01.03 -
NOD32v2 2763 2008.01.03 Win32/TrojanDropper.Small.AQM
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.03 Generic.Malware
Rising 20.25.32.00 2008.01.03 -
Sophos 4.24.0 2008.01.03 -
Sunbelt 2.2.907.0 2008.01.03 -
Symantec 10 2008.01.03 -
TheHacker 6.2.9.178 2008.01.03 -
VBA32 3.12.2.5 2008.01.02 Trojan-PSW.Win32.LdPinch.bka
VirusBuster 4.3.26:9 2008.01.02 -
Webwasher-Gateway 6.6.2 2008.01.03 Trojan.Backdoor.Prorat.ae.23
Additional information
File size: 978065 bytes
MD5: 4bedef351df50464ee90711a1e2d380a
SHA1: 401e41aa223770086ed242053588dd62ab6b952b
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...36BD00ADC94FD9

Вначале только эвристики сработали,а потом Каспер подтвердил и довалил в базы этого зверя по имени Dr. Web Антивирус + Антиспам.rar. Только тот антивирус, которому вирус посвящен еще не детектит.

File Dr._Web__________________________ received on 01.03.2008 20:52:13 (CET)
Result: 3/32 (9.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.10 2008.01.03 -
AntiVir 7.6.0.46 2008.01.03 -
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.03 -
BitDefender 7.2 2008.01.03 -
CAT-QuickHeal 9.00 2008.01.03 -
ClamAV 0.91.2 2008.01.03 -
DrWeb 4.44.0.09170 2008.01.03 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 -
F-Prot 4.4.2.54 2008.01.02 -
F-Secure 6.70.13030.0 2008.01.03 -
Ikarus T3.1.1.15 2008.01.03 -
Kaspersky 7.0.0.125 2008.01.03 Trojan-Spy.Win32.Delf.avq
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.03 -
NOD32v2 2764 2008.01.03 -
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.03 Heuristic: Suspicious File With Mass Email Capabilities
Rising 20.25.32.00 2008.01.03 -
Sophos 4.24.0 2008.01.03 -
Sunbelt 2.2.907.0 2008.01.03 -
Symantec 10 2008.01.03 -
TheHacker 6.2.9.178 2008.01.03 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.03 -
Additional information
File size: 1900647 bytes
MD5: 0b2b4248ced3112ce75eff9bb0052a13
SHA1: 71c7e7861a1b43cc41d3ad9f3dc564192ec694bc
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...EB8000D3CE854D

File _webfile.ru____________.exe.safe received on 01.03.2008 22:18:35 (CET)
Result: 22/32 (68.75%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.10 2008.01.03 -
AntiVir 7.6.0.46 2008.01.03 TR/Spy.Gen
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.03 Win32dPinch-BHU
AVG 7.5.0.516 2008.01.03 Dropper.Generic.PPQ
BitDefender 7.2 2008.01.03 Trojan.PWS.LDPinch.TDA
CAT-QuickHeal 9.00 2008.01.03 TrojanDropper.Agent.buo
ClamAV 0.91.2 2008.01.03 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.MulDrop.8720
eSafe 7.0.15.0 2008.01.03 Win32.Agent.buo
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 W32/Basine.BUO!tr
F-Prot 4.4.2.54 2008.01.02 W32/Trojan.CFPJ
F-Secure 6.70.13030.0 2008.01.03 Trojan-Dropper.Win32.Agent.buo
Ikarus T3.1.1.15 2008.01.03 Trojan-Dropper.Win32.Small.bae
Kaspersky 7.0.0.125 2008.01.03 Trojan-Dropper.Win32.Agent.buo
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.03 -
NOD32v2 2764 2008.01.03 probably a variant of Win32/TrojanDropper.Agent
Norman 5.80.02 2008.01.03 W32/Wow.CAV
Panda 9.0.0.4 2008.01.03 Trj/Downloader.MDW
Prevx1 V2 2008.01.03 Generic.Malware
Rising 20.25.32.00 2008.01.03 Dropper.Win32.Agent.buo
Sophos 4.24.0 2008.01.03 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.03 -
Symantec 10 2008.01.03 Infostealer.Notos!gen
TheHacker 6.2.9.178 2008.01.03 Trojan/Dropper.Agent.buo
VBA32 3.12.2.5 2008.01.02 Trojan-Dropper.Win32.Agent.buo
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.03 Trojan.Spy.Gen
Additional information
File size: 627488 bytes
MD5: 011df53be509662db76f8d75b3948f41
SHA1: 10e42de52df7c7cfcdc6ad5884c2a857e11354b4
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...C83F001FBF7C10

File keygen__kaspersky_6.0_.exe.safe received on 01.03.2008 22:47:05 (CET)
Result: 19/32 (59.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.10 2008.01.03 -
AntiVir 7.6.0.46 2008.01.03 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.01.02 -
Avast 4.7.1098.0 2008.01.03 Win32dPinch-NO
AVG 7.5.0.516 2008.01.03 PSW.Ldpinch.RGB
BitDefender 7.2 2008.01.03 MemScan:Trojan.PWS.LdPinch.BSG
CAT-QuickHeal 9.00 2008.01.03 Win32.Trojan-PSW.LdPinch.bgj3
ClamAV 0.91.2 2008.01.03 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.PWS.LDPinch.1407
eSafe 7.0.15.0 2008.01.03 Suspicious File
eTrust-Vet 31.3.5427 2008.01.03 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.03 -
Fortinet 3.14.0.0 2008.01.03 -
F-Prot 4.4.2.54 2008.01.02 W32/LdPinch.F.gen!Eldorado
F-Secure 6.70.13030.0 2008.01.03 Trojan-PSW.Win32.LdPinch.btw
Ikarus T3.1.1.15 2008.01.03 Trojan-PWS.Win32.LdPinch.bmi
Kaspersky 7.0.0.125 2008.01.03 Trojan-PSW.Win32.LdPinch.btw
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.03 Trojan:Win32/Anomaly.gen!A
NOD32v2 2764 2008.01.03 a variant of Win32/PSW.LdPinch.NCB
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 -
Prevx1 V2 2008.01.03 -
Rising 20.25.32.00 2008.01.03 Trojan.PSW.Win32.LdPinch.btw
Sophos 4.24.0 2008.01.03 Troj/LdPinch-PZ
Sunbelt 2.2.907.0 2008.01.03 Trojan-PWS.LdPinch.BSG
Symantec 10 2008.01.03 Infostealer
TheHacker 6.2.9.178 2008.01.03 -
VBA32 3.12.2.5 2008.01.02 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.03 Trojan.Crypt.XPACK.Gen
Additional information
File size: 32829 bytes
MD5: b4bd55ddbdda7f7fc6d7985a19421700
SHA1: c9cdcd832a776813e1b45cd890ff7a8883d3955f
PEiD: -
packers: RCryptor, PECompact
packers: PecBundle, PECompact

File AVP_Keygen_5.0.exe received on 01.04.2008 11:46:22 (CET)
Result: 16/32 (50%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.03 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 Win32:Small-YL
AVG 7.5.0.516 2008.01.03 Packed.AverCrypt
BitDefender 7.2 2008.01.04 -
CAT-QuickHeal 9.00 2008.01.03 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.KeyLogger.195
eSafe 7.0.15.0 2008.01.03 1760502504
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.03 Logger.Small.cw
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 Trojan-Spy.Win32.Small.cw
Ikarus T3.1.1.15 2008.01.04 -
Kaspersky 7.0.0.125 2008.01.04 Trojan-Spy.Win32.Small.cw
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2764 2008.01.03 probably unknown NewHeur_PE virus
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 -
Rising 20.25.41.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 Infostealer
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 suspected of Embedded.Trojan.Win32.Spy.Small.CW
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Crypt.XPACK.Gen
Additional information
File size: 17920 bytes
MD5: d6420ad88e50a5f20fbbd87c0929fba0
SHA1: b3ca55bc190383e040656a78fe7e8082dc40b6ea
PEiD: AverCryptor 1.02 beta -> os1r1s
packers: PE-Crypt.PNH
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File AMS_Enterprise_2.79.exe received on 01.04.2008 11:46:48 (CET)
Result: 16/32 (50%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.03 TR/Spy.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.03 PSW.Ldpinch.RLT
BitDefender 7.2 2008.01.04 Trojan.PWS.LdPinch.TGA
CAT-QuickHeal 9.00 2008.01.03 TrojanPSW.LdPinch.cds
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.03 Trojan.PWS.LDPinch.1941
eSafe 7.0.15.0 2008.01.03 Win32.LdPinch.cds
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.04 High threat detected
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 Trojan-PSW.Win32.LdPinch.cds
Ikarus T3.1.1.15 2008.01.04 MalwareScope.Trojan-PWS.Pinch.1
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.cds
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2764 2008.01.03 -
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 -
Prevx1 V2 2008.01.04 -
Rising 20.25.41.00 2008.01.04 Trojan.PSW.Win32.LdPinch.cds
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 Trojan-Spy.Gen
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 Trojan/PSW.LdPinch.cds
VBA32 3.12.2.5 2008.01.02 Trojan-PSW.Win32.LdPinch.cds
VirusBuster 4.3.26:9 2008.01.03 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Spy.Gen
Additional information
File size: 42496 bytes
MD5: 2cb93a4a640c366add1d1177f0bec443
SHA1: cbf6b16d41f65b1ea0ebf74432a023abf15e528d
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...1d1177f0bec443
packers: PE_Patch.FreeCryptor, FreeCryptor

File pinch3_Builder.rar received on 01.04.2008 12:21:55 (CET)
Result: 22/32 (68.75%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.01.04 W32/Trojan.ACMO
Avast 4.7.1098.0 2008.01.03 Win32dPinch-OR
AVG 7.5.0.516 2008.01.03 Dropper.Agent.EFM
BitDefender 7.2 2008.01.04 Trojan.PWS.LdPinch.TAI
CAT-QuickHeal 9.00 2008.01.03 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.04 Trojan.Spy-295
DrWeb 4.44.0.09170 2008.01.03 Trojan.MulDrop.7648
eSafe 7.0.15.0 2008.01.03 Suspicious File
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.03 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 W32/Trojan2.CKZ
F-Secure 6.70.13030.0 2008.01.04 Trojan-Dropper.Win32.PeStaple.13
Ikarus T3.1.1.15 2008.01.04 Trojan-Dropper.Win32.Agent.bgn
Kaspersky 7.0.0.125 2008.01.04 Trojan-Dropper.Win32.PeStaple.13
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 Win32/TrojanDropper.FriJoiner.NAA
Norman 5.80.02 2008.01.03 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 Heuristic: Suspicious Self Modifying EXE
Rising 20.25.42.00 2008.01.04 Dropper.Win32.Agent.bgn
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 Trojan-Dropper.Win32.Agent.bgn
VirusBuster 4.3.26:9 2008.01.03 Trojan.DR.Webmoner.Gen.2
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Crypt.XDR.Gen
Additional information
File size: 422425 bytes
MD5: e33df8b9e185b82fe16a25e33c799d25
SHA1: d107330b71da84f1a1ac4397fe4829941ccafb94
PEiD: -
packers: PecBundle, PECompact
packers: PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact, PE_Patch.PECompact, PecBundle, PECompact
Prevx info: http://info.prevx.com/aboutprogramte...B164009BA2505A
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**strawser** · 04.01.2008, 19:01

File paroliki.exe.safe received on 01.04.2008 16:52:17 (CET)
Result: 15/32 (46.88%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 TR/PSW.LdPinch.eix
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 Win32dPinch-BJV
AVG 7.5.0.516 2008.01.04 PSW.Ldpinch.RZB
BitDefender 7.2 2008.01.04 -
CAT-QuickHeal 9.00 2008.01.04 TrojanPSW.LdPinch.eix
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 High threat detected
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 W32/LdPinch.H.gen!Eldorado
F-Secure 6.70.13030.0 2008.01.04 Trojan-PSW.Win32.LdPinch.eix
Ikarus T3.1.1.15 2008.01.04 Virus.Win32.LdPinch.BJV
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.eix
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 -
Rising 20.25.42.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 -
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 Infostealer
TheHacker 6.2.9.180 2008.01.04 Trojan/PSW.LdPinch.eix
VBA32 3.12.2.5 2008.01.02 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.01.04 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.PSW.LdPinch.eix
Additional information
File size: 31232 bytes
MD5: 70a709161375ec2f634b5371d966b663
SHA1: 716dc079cbf424ef8ee41b6d5f301e9d519eb9af
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...4b5371d966b663
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File __________________.rar received on 01.04.2008 17:09:46 (CET)
Result: 3/32 (9.38%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 -
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.04 -
BitDefender 7.2 2008.01.04 -
CAT-QuickHeal 9.00 2008.01.04 -
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 SCRIPT.Virus
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 -
Ikarus T3.1.1.15 2008.01.04 -
Kaspersky 7.0.0.125 2008.01.04 Trojan.VBS.KillFiles.u
McAfee 5199 2008.01.03 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 -
Rising 20.25.42.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 -
Sunbelt 2.2.907.0 2008.01.04 -
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.04 -
Webwasher-Gateway 6.6.2 2008.01.04 -
Additional information
File size: 1929 bytes
MD5: 8809ee20f31497ebec7796e40a314586
SHA1: 61e0b881ce3284a4ad154e47770f31e4f32e35ae
PEiD: -

File NewYear2008.scr.safe received on 01.04.2008 17:32:44 (CET)
Result: 18/32 (56.25%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 Win-Trojan/LdPinch.34287
AntiVir 7.6.0.46 2008.01.04 TR/Crypt.NSPM.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 -
AVG 7.5.0.516 2008.01.04 PSW.Ldpinch.QZF
BitDefender 7.2 2008.01.04 Trojan.PWS.Ldpinch.TEJ
CAT-QuickHeal 9.00 2008.01.04 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 Trojan.PWS.LDPinch.1407
eSafe 7.0.15.0 2008.01.03 Suspicious File
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 Trojan-PSW.Win32.LdPinch.ecw
Ikarus T3.1.1.15 2008.01.04 Trojan-PWS.Win32.LdPinch.ecw
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.ecw
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 Win32/PSW.LdPinch.NCB
Norman 5.80.02 2008.01.04 W32/LdPinch.RUP
Panda 9.0.0.4 2008.01.03 -
Prevx1 V2 2008.01.04 -
Rising 20.25.42.00 2008.01.04 Trojan.DL.Win32.Small.etp
Sophos 4.24.0 2008.01.04 Mal/Basine-C
Sunbelt 2.2.907.0 2008.01.04 VIPRE.Suspicious
Symantec 10 2008.01.04 Infostealer
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 -
VirusBuster 4.3.26:9 2008.01.04 Trojan.PWS.LdPinch.CGD
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.Crypt.NSPM.Gen
Additional information
File size: 34287 bytes
MD5: add4b1566e862412eb08921b6975e5c7
SHA1: 590895137004cc116c2bb340e01c9a701990295b
PEiD: -
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

File l2phx.rar received on 01.04.2008 18:06:56 (CET)
Result: 12/32 (37.5%)
Antivirus Version Last Update Result
AhnLab-V3 2008.1.4.11 2008.01.04 -
AntiVir 7.6.0.46 2008.01.04 TR/Crypt.XDR.Gen
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.03 Win32:Cardspy-B
AVG 7.5.0.516 2008.01.04 -
BitDefender 7.2 2008.01.04 DeepScan:Generic.FWB.324295B9
CAT-QuickHeal 9.00 2008.01.04 -
ClamAV 0.91.2 2008.01.04 -
DrWeb 4.44.0.09170 2008.01.04 -
eSafe 7.0.15.0 2008.01.03 -
eTrust-Vet 31.3.5430 2008.01.04 -
Ewido 4.0 2008.01.04 -
FileAdvisor 1 2008.01.04 -
Fortinet 3.14.0.0 2008.01.04 -
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 -
Ikarus T3.1.1.15 2008.01.04 Trojan.Win32.Delf.nf
Kaspersky 7.0.0.125 2008.01.04 Trojan-PSW.Win32.LdPinch.cds
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.04 -
NOD32v2 2765 2008.01.04 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.03 Suspicious file
Prevx1 V2 2008.01.04 Heuristic: Suspicious Self Modifying File
Rising 20.25.42.00 2008.01.04 -
Sophos 4.24.0 2008.01.04 Mal/Behav-053
Sunbelt 2.2.907.0 2008.01.04 Backdoor.Delf.BF
Symantec 10 2008.01.04 -
TheHacker 6.2.9.180 2008.01.04 -
VBA32 3.12.2.5 2008.01.02 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.26:9 2008.01.04 Trojan.DR.Webmoner.Gen.2
Webwasher-Gateway 6.6.2 2008.01.04 Win32.NewMalware.CC!9728!4
Additional information
File size: 588302 bytes
MD5: fc2912bfe501e1303698cfcd7071ef9a
SHA1: 1a3f0b835a179e8ee52b9392925154c95dd72834
PEiD: -
packers: NCode
Prevx info: http://info.prevx.com/aboutprogramte...988F00C89E16CF

**ALEX(XX)** · 05.01.2008, 18:22

File Check.exe received on 01.05.2008 16:13:02 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.04 TR/PSW.Wow.LQ
Authentium 4.93.8 2008.01.04 -
Avast 4.7.1098.0 2008.01.04 -
AVG 7.5.0.516 2008.01.05 -
BitDefender 7.2 2008.01.05 -
CAT-QuickHeal 9.00 2008.01.05 -
ClamAV 0.91.2 2008.01.05 -
DrWeb 4.44.0.09170 2008.01.05 -
eSafe 7.0.15.0 2008.01.03 Win32.WOW.lq
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.05 -
FileAdvisor 1 2008.01.05 High threat detected
Fortinet 3.14.0.0 2008.01.05 W32/WOW.LQ!tr.pws
F-Prot 4.4.2.54 2008.01.04 -
F-Secure 6.70.13030.0 2008.01.04 W32/Wow.BHU
Ikarus T3.1.1.15 2008.01.05 Trojan-PWS.Win32.WOW.lq
Kaspersky 7.0.0.125 2008.01.05 -
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.05 -
NOD32v2 2766 2008.01.04 -
Norman 5.80.02 2008.01.04 W32/Wow.BHU
Panda 9.0.0.4 2008.01.05 Trj/WoW.HV
Prevx1 V2 2008.01.05 Generic.Malware
Rising 20.25.52.00 2008.01.05 -
Sophos 4.24.0 2008.01.05 Mal/Generic-A
Sunbelt 2.2.907.0 2008.01.05 VIPRE.Suspicious
Symantec 10 2008.01.05 Trojan Horse
TheHacker 6.2.9.180 2008.01.04 Trojan/PSW.WOW.lq
VBA32 3.12.2.5 2008.01.02 Trojan-PSW.Win32.WOW.lq
VirusBuster 4.3.26:9 2008.01.05 -
Webwasher-Gateway 6.6.2 2008.01.04 Trojan.PSW.Wow.LQ

Additional information
File size: 245760 bytes
MD5: 70abf6a1b03de09b581ed39c5196c6fa
SHA1: 027891795ce1316faf4754066691c14002392bad
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services...1ed39c5196c6fa
Prevx info: http://info.prevx.com/aboutprogramte...D867002B0784EF
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**rubin** · 06.01.2008, 14:04

mssrv32.exe получен 2008.01.06 11:56:33 (CET)

Код:

AhnLab-V3	2008.1.5.11	2008.01.05	-
AntiVir	7.6.0.46	2008.01.04	TR/Crypt.XPACK.Gen
Authentium	4.93.8	2008.01.05	-
Avast	4.7.1098.0	2008.01.05	-
AVG	7.5.0.516	2008.01.05	Crypt.H
BitDefender	7.2	2008.01.06	-
CAT-QuickHeal	9.00	2008.01.05	-
ClamAV	0.91.2	2008.01.06	-
DrWeb	4.44.0.09170	2008.01.06	Trojan.DownLoader.35134
eSafe	7.0.15.0	2008.01.03	suspicious Trojan/Worm
eTrust-Vet	31.3.5432	2008.01.04	-
Ewido	4.0	2008.01.05	-
FileAdvisor	1	2008.01.06	-
Fortinet	3.14.0.0	2008.01.06	-
F-Prot	4.4.2.54	2008.01.05	-
F-Secure	6.70.13030.0	2008.01.05	-
Ikarus	T3.1.1.15	2008.01.06	-
Kaspersky	7.0.0.125	2008.01.06	-
McAfee	5200	2008.01.04	-
Microsoft	1.3109	2008.01.06	-
NOD32v2	2767	2008.01.06	-
Norman	5.80.02	2008.01.04	-
Panda	9.0.0.4	2008.01.05	-
Prevx1	V2	2008.01.06	Heuristic: Suspicious Self Modifying EXE
Rising	20.25.62.00	2008.01.06	-
Sophos	4.24.0	2008.01.06	-
Sunbelt	2.2.907.0	2008.01.05	-
Symantec	10	2008.01.06	-
TheHacker	6.2.9.181	2008.01.05	-
VBA32	3.12.2.5	2008.01.02	-
VirusBuster	4.3.26:9	2008.01.05	-
Webwasher-Gateway	6.6.2	2008.01.04	Trojan.Crypt.XPACK.Gen

File size: 14336 bytes
MD5: 96357a35c71162303038c815cb9e02a6
SHA1: fcb927ef0aef3b6e3aa8521c5a16f1ce5b2ba5c9
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramte...78FB00D2F59177

Добавлено через 1 минуту

ftpgrb[1].exe получен 2008.01.06 11:56:29 (CET)

Код:

AhnLab-V3	2008.1.5.11	2008.01.05	-
AntiVir	7.6.0.46	2008.01.04	-
Authentium	4.93.8	2008.01.05	-
Avast	4.7.1098.0	2008.01.05	-
AVG	7.5.0.516	2008.01.05	-
BitDefender	7.2	2008.01.06	-
CAT-QuickHeal	9.00	2008.01.05	-
ClamAV	0.91.2	2008.01.06	-
DrWeb	4.44.0.09170	2008.01.06	-
eSafe	7.0.15.0	2008.01.03	-
eTrust-Vet	31.3.5432	2008.01.04	-
Ewido	4.0	2008.01.05	-
FileAdvisor	1	2008.01.06	-
Fortinet	3.14.0.0	2008.01.06	-
F-Prot	4.4.2.54	2008.01.05	-
F-Secure	6.70.13030.0	2008.01.05	-
Ikarus	T3.1.1.15	2008.01.06	Trojan-Spy.Finanz.J
Kaspersky	7.0.0.125	2008.01.06	Trojan-PSW.Win32.Agent.vh
McAfee	5200	2008.01.04	-
Microsoft	1.3109	2008.01.06	-
NOD32v2	2767	2008.01.06	-
Norman	5.80.02	2008.01.04	-
Panda	9.0.0.4	2008.01.05	-
Prevx1	V2	2008.01.06	Heuristic: Suspicious Self Modifying File
Rising	20.25.62.00	2008.01.06	-
Sophos	4.24.0	2008.01.06	Mal/Behav-112
Sunbelt	2.2.907.0	2008.01.05	Trojan.Nethell.B
Symantec	10	2008.01.06	-
TheHacker	6.2.9.181	2008.01.05	-
VBA32	3.12.2.5	2008.01.02	-
VirusBuster	4.3.26:9	2008.01.05	-
Webwasher-Gateway	6.6.2	2008.01.04	-

File size: 16896 bytes
MD5: 5f587ef06b011a352f51c0fe67704d4b
SHA1: 8d5b1adaa59d352f2af549935936a0316f430361
PEiD: Armadillo v1.71
packers: UPX
Prevx info: http://info.prevx.com/aboutprogramte...0581002333697E

XL · 06.01.2008, 20:56

вот такой малварный драйверочек поймал:

Файл beep.sys получен 2008.01.06 18:46:14 (CET)

AhnLab-V3 2008.1.5.11 2008.01.05 -
AntiVir 7.6.0.46 2008.01.06 -
Authentium 4.93.8 2008.01.06 -
Avast 4.7.1098.0 2008.01.06 -
AVG 7.5.0.516 2008.01.06 -
BitDefender 7.2 2008.01.06 Generic.Zlob.96765D0B
CAT-QuickHeal 9.00 2008.01.05 (Suspicious) - DNAScan
ClamAV 0.91.2 2008.01.06 -
DrWeb 4.44.0.09170 2008.01.06 -
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5432 2008.01.04 -
Ewido 4.0 2008.01.06 -
FileAdvisor 1 2008.01.06 -
Fortinet 3.14.0.0 2008.01.06 -
F-Prot 4.4.2.54 2008.01.05 -
F-Secure 6.70.13030.0 2008.01.05 Rootkit.Win32.Agent.sv
Ikarus T3.1.1.15 2008.01.06 Generic.Zlob
Kaspersky 7.0.0.125 2008.01.06 Rootkit.Win32.Agent.sv
McAfee 5200 2008.01.04 -
Microsoft 1.3109 2008.01.06 -
NOD32v2 2767 2008.01.06 -
Norman 5.80.02 2008.01.04 -
Panda 9.0.0.4 2008.01.06 -
Prevx1 V2 2008.01.06 Heuristic: Suspicious File With Anti-Security Technology
Rising 20.25.62.00 2008.01.06 -
Sophos 4.24.0 2008.01.06 -
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.06 Trojan.Virantix.B
TheHacker 6.2.9.181 2008.01.05 -
VBA32 3.12.2.5 2008.01.06 -
VirusBuster 4.3.26:9 2008.01.06 -
Webwasher-Gateway 6.6.2 2008.01.06 Win32.Malware.gen!80 (suspicious)
Дополнительная информация
File size: 61440 bytes
MD5: cd7336cd26222ff6d1c7872da7a43173
SHA1: 92eb6067027f64f866224e12509508fc97cc6aee

описание зверька от symantec:
http://www.symantec.com/security_res...738-99&tabid=2

в списке завершаемых процессов улыбнуло:
avz.exe
cureit.exe

**Surfer** · 07.01.2008, 22:15

delphi - for noobs =)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.8.10 2008.01.07 -
AntiVir 7.6.0.46 2008.01.07 TR/Delphi.Downloader.Gen
Authentium 4.93.8 2008.01.06 Possibly a new variant of W32/NewMalware-LSU-based!Maximus
Avast 4.7.1098.0 2008.01.07 -
AVG 7.5.0.516 2008.01.07 Downloader.Generic6.ACOR
BitDefender 7.2 2008.01.07 -
CAT-QuickHeal 9.00 2008.01.07 -
ClamAV 0.91.2 2008.01.07 -
DrWeb 4.44.0.09170 2008.01.07 DLOADER.Trojan
eSafe 7.0.15.0 2008.01.06 -
eTrust-Vet 31.3.5438 2008.01.07 -
Ewido 4.0 2008.01.07 -
FileAdvisor 1 2008.01.07 -
Fortinet 3.14.0.0 2008.01.07 -
F-Prot 4.4.2.54 2008.01.06 W32/NewMalware-LSU-based!Maximus
F-Secure 6.70.13030.0 2008.01.07 W32/Downloader
Ikarus T3.1.1.15 2008.01.07 Trojan-Downloader.Win32.Delf.NC
Kaspersky 7.0.0.125 2008.01.07 Heur.Downloader
McAfee 5201 2008.01.07 -
Microsoft 1.3109 2008.01.07 TrojanDownloader:Win32/Small.gen!X
NOD32v2 2771 2008.01.07 a variant of Win32/TrojanDownloader.Dadobra.FX
Norman 5.80.02 2008.01.07 W32/Downloader
Panda 9.0.0.4 2008.01.07 Suspicious file
Prevx1 V2 2008.01.07 -
Rising 20.26.02.00 2008.01.07 -
Sophos 4.24.0 2008.01.07 Mal/Heuri-E
Sunbelt 2.2.907.0 2008.01.05 -
Symantec 10 2008.01.07 -
TheHacker 6.2.9.183 2008.01.07 -
VBA32 3.12.2.5 2008.01.07 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.3.26:9 2008.01.07 -
Webwasher-Gateway 6.6.2 2008.01.07 Trojan.Delphi.Downloader.Gen
Additional information
File size: 16896 bytes
MD5: 10a20ab9b8e55fb3e5f3affdb94027ad
SHA1: 4296f6f9ae3ff4b804ee4e35484ae2d7700af0a7
PEiD: -

http://www.virustotal.com/analisis/4...9807533a0b08f5

Исследование антивирусов 6

Опции темы

\WINDOWS\system32\kdcys.exe

Похожие темы

Исследование антивирусов 7

Исследование антивирусов 5

Исследование антивирусов 4

Исследование антивирусов 3

Исследование антивирусов 2

Ваши права в разделе