Исследование антивирусов 7

**VirCode** · 09.06.2009, 12:24

Файл page.html получен 2009.06.09 08:19:58 (UTC)
Текущий статус: закончено
Результат: 10/40 (25.00%)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.18	2009.06.09	Trojan-Downloader.JS.Psyme.cv!IK*
AhnLab-V3	5.0.0.2	2009.06.09	-
AntiVir	7.9.0.180	2009.06.08	-
Antiy-AVL	2.0.3.1	2009.06.08	-
Authentium	5.1.2.4	2009.06.08	-
Avast	4.8.1335.0	2009.06.08	JS:Redirector-Q
AVG	8.5.0.339	2009.06.08	JS/Downloader.Agent
BitDefender	7.2	2009.06.09	-
CAT-QuickHeal	10.00	2009.06.09	-
ClamAV	0.94.1	2009.06.09	-
Comodo	1291	2009.06.09	-
DrWeb	5.0.0.12182	2009.06.09	VBS.Psyme.377
eSafe	7.0.17.0	2009.06.07	-
eTrust-Vet	31.6.6548	2009.06.08	-
F-Prot	4.4.4.56	2009.06.08	-
F-Secure	8.0.14470.0	2009.06.09	-
Fortinet	3.117.0.0	2009.06.08	-
GData	19	2009.06.09	JS:Redirector-Q 
Ikarus	T3.1.1.59.0	2009.06.09	-
K7AntiVirus	7.10.757	2009.06.08	-
Kaspersky	7.0.0.125	2009.06.09	-
McAfee	5640	2009.06.08	JS/Wonka
McAfee+Artemis	5640	2009.06.08	JS/Wonka
McAfee-GW-Edition	6.7.6	2009.06.09	Exploit.HTML.Shellcode.gen (suspicious)
Microsoft	1.4701	2009.06.09	-
NOD32	4139	2009.06.08	-
Norman	6.01.09	2009.06.08	-
nProtect	2009.1.8.0	2009.06.09	-
Panda	10.0.0.14	2009.06.09	-
PCTools	4.4.2.0	2009.06.06	-
Prevx	3.0	2009.06.09	-
Rising	21.33.11.00	2009.06.09	Hack.Exploit.Script.JS.ShellCode.k
Sophos	4.42.0	2009.06.09	Mal/ObfJS-H
Sunbelt	3.2.1858.2	2009.06.09	-
Symantec	1.4.4.12	2009.06.09	-
TheHacker	6.3.4.3.342	2009.06.08	-
TrendMicro	8.950.0.1092	2009.06.09	-
VBA32	3.12.10.6	2009.06.08	-
ViRobot	2009.6.9.1774	2009.06.09	-
VirusBuster	4.6.5.0	2009.06.08	-

Дополнительная информация
File size: 100859 bytes
MD5 : 6b1cdd41e6bef098c4fd3cd6e88403e7
SHA1 : 09249ae71fbab37cc59a6bd218f9380347ea89c3
SHA256: 694d8a6a88440ffb0f692bc211e60374c6bed8cbd8322d06e7 c271845304ab7b
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: -
PEiD : -
RDS : NSRL Reference Data Set

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**valho** · 09.06.2009, 14:22

На компьютере нет антивируса, но вирус, как проверил, ловился всеми почти кроме Ikarus. Это... значит пойман руками?
C:\windows\system32\explorer.exe

File EXPLORER.EXE received on 2009.06.09 09:57:27 (UTC)
Current status:Finished
Result: 39/40 (97.5%)

a-squared 4.5.0.18 - Virus.Win32.VB.bu!IK
AhnLab-V3 5.0.0.2 - Win-Trojan/KorGameHack.36864.B
AntiVir 7.9.0.180 - W32/VB.BU
Antiy-AVL 2.0.3.1 - Virus/Win32.VB
Authentium 5.1.2.4 - W32/Legendmir.CTS
Avast 4.8.1335.0 - Win32:detnat-AX
AVG 8.5.0.339 - Generic2.FRK
BitDefender 7.2 - Trojan.PWS.OnlineGames.WJP
CAT-QuickHeal 10.00 - Worm.VB.bu
ClamAV 0.94.1 - Trojan.VB-420
Comodo 1291 - Worm.Win32.VB.NHZ
DrWeb 5.0.0.12182 - BackDoor.Generic.1451
eSafe 7.0.17.0 - Virus.Win32.VB.bu
eTrust-Vet 31.6.6549 - Win32/Jampork.D
F-Prot 4.4.4.56 - W32/Legendmir.CTS
F-Secure 8.0.14470.0 - Virus.Win32.VB.bu
Fortinet 3.117.0.0 - W32/VB.BU!tr
GData 19 - Trojan.PWS.OnlineGames.WJP
IkarusT3.1.1.59.0 -
K7AntiVirus 7.10.757 - Worm.Win32.VB
Kaspersky 7.0.0.125 - Virus.Win32.VB.bu
McAfee 5640 - Generic PWS.g
McAfee+Artemis 5640 - Generic PWS.g
McAfee-GW-Edition 6.7.6 - Win32.VB.BU
Microsoft 1.4701 - Virus:Win32/VB.BU
NOD32 4140 - Win32/VB.NHZ
Norman 6.01.09 - W32/VBTroj.DVG
nProtect 2009.1.8.0 - Trojan/W32.Agent.36864.R
Panda 10.0.0.14 - Trj/Gamania.HL
PCTools 4.4.2.0 - Worm.AutoRun.J
Prevx 3.0 - Medium Risk Malware
Rising 21.33.12.00 - Trojan.Win32.VB.zrd
Sophos 4.42.0 - Troj/Gampass-A
Sunbelt 3.2.1858.2 - Infostealer.Lineage
Symantec 1.4.4.12 - Infostealer.Lineage
TheHacker 6.3.4.3.342 - Trojan/VB.atv
TrendMicro 8.950.0.1092 - WORM_VB.DVP
VBA32 3.12.10.6 - Win32.VB.NHZ
ViRobot 2009.6.9.1774 - Trojan.Win32.PSWKGame.36864
VirusBuster 4.6.5.0 - Worm.AutoRun.J

Additional information
File size: 36864 bytes
MD5...: 1eb40158ddee938b5e40af9e66c3e1b7
SHA1..: 651768e6150e44ba75759ea0a3e9e5ac2bbd16f8
SHA256: ad6e57c05bcdd11afde9d328fbff56cbdcdf27de70adf02791 2689d7744906e1

TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)

P.S. Такое творится в новом, самом большом роддоме в Европе который рядом со мной построили

[moderated]

Т.е. которых не видел установленный на компютере антивирус.

Это не относится к тестированию антивирусов, это разгильдяйство...

**valho** · 10.06.2009, 17:21

Последний раз редактировалось Shu_b; Сегодня в 12:12 Причина: вне зачёта...

Вах

Хорошо что тут есть сподвижники, а то там куда иногда хожу одни неадекваты

**senyak** · 12.06.2009, 23:31

Файл Jimm2009.jar получен 2009.06.12 19:30:29 (UTC)
Текущий статус: закончено
Результат: 10/39 (25.65%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.12 -
AhnLab-V3 5.0.0.2 2009.06.12 -
AntiVir 7.9.0.187 2009.06.12 -
Antiy-AVL 2.0.3.1 2009.06.12 Trojan/J2ME.Swapi
Authentium 5.1.2.4 2009.06.12 -
Avast 4.8.1335.0 2009.06.12 Other:Malware-gen
AVG 8.5.0.339 2009.06.12 Java/Swapi
BitDefender 7.2 2009.06.12 -
CAT-QuickHeal 10.00 2009.06.12 -
ClamAV 0.94.1 2009.06.12 -
Comodo 1322 2009.06.12 TrojWare.J2ME.SMS.Swapi.n
DrWeb 5.0.0.12182 2009.06.12 Java.SmsFlood
eSafe 7.0.17.0 2009.06.11 -
eTrust-Vet 31.6.6555 2009.06.12 -
F-Prot 4.4.4.56 2009.06.12 -
F-Secure 8.0.14470.0 2009.06.12 Trojan-SMS.J2ME.Swapi.n
Fortinet 3.117.0.0 2009.06.12 Java/Swapi.N!tr
GData 19 2009.06.12 Other:Malware-gen
Ikarus T3.1.1.59.0 2009.06.12 Trojan-SMS
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.12 Trojan-SMS.J2ME.Swapi.n
McAfee 5644 2009.06.12 -
McAfee+Artemis 5644 2009.06.12 -
Microsoft 1.4701 2009.06.12 -
NOD32 4151 2009.06.12 -
Norman 6.01.09 2009.06.12 -
nProtect 2009.1.8.0 2009.06.12 -
Panda 10.0.0.14 2009.06.12 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.12 -
Rising 21.33.44.00 2009.06.12 -
Sophos 4.42.0 2009.06.12 -
Sunbelt 3.2.1858.2 2009.06.12 -
Symantec 1.4.4.12 2009.06.12 -
TheHacker 6.3.4.3.344 2009.06.11 -
TrendMicro 8.950.0.1092 2009.06.12 -
VBA32 3.12.10.7 2009.06.12 -
ViRobot 2009.6.12.1783 2009.06.12 -
VirusBuster 4.6.5.0 2009.06.12 -

Дополнительная информация
File size: 135727 bytes
MD5...: 7d79377f1762699a9ca742b9228c47fc
SHA1..: 104f318995681d842b2967f866375bbe93db9b03
SHA256: bdb3d1dd263064aa54790372927077abaf131f5e45cb003b1a d7a7b919d32d76
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

Файл nazvanie.jar получен 2009.06.12 19:26:44 (UTC)
Текущий статус: закончено
Результат: 13/39 (33.34%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.12 -
AhnLab-V3 5.0.0.2 2009.06.12 -
AntiVir 7.9.0.187 2009.06.12 JAVA/Boxer.1
Antiy-AVL 2.0.3.1 2009.06.12 Trojan/J2ME.Boxer
Authentium 5.1.2.4 2009.06.12 -
Avast 4.8.1335.0 2009.06.12 Other:Malware-gen
AVG 8.5.0.339 2009.06.12 Java/SMS.C
BitDefender 7.2 2009.06.12 -
CAT-QuickHeal 10.00 2009.06.12 -
ClamAV 0.94.1 2009.06.12 -
Comodo 1322 2009.06.12 Unclassified Malware
DrWeb 5.0.0.12182 2009.06.12 Java.SMSSend.41
eSafe 7.0.17.0 2009.06.11 -
eTrust-Vet 31.6.6555 2009.06.12 -
F-Prot 4.4.4.56 2009.06.12 -
F-Secure 8.0.14470.0 2009.06.12 Trojan-SMS.J2ME.Boxer.i
Fortinet 3.117.0.0 2009.06.12 -
GData 19 2009.06.12 Other:Malware-gen
Ikarus T3.1.1.59.0 2009.06.12 Trojan-SMS
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.12 Trojan-SMS.J2ME.Boxer.i
McAfee 5644 2009.06.12 -
McAfee+Artemis 5644 2009.06.12 -
Microsoft 1.4701 2009.06.12 Trojan:Java/Boxer.A
NOD32 4151 2009.06.12 -
Norman 6.01.09 2009.06.12 -
nProtect 2009.1.8.0 2009.06.12 -
Panda 10.0.0.14 2009.06.12 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.12 -
Rising 21.33.44.00 2009.06.12 -
Sophos 4.42.0 2009.06.12 -
Sunbelt 3.2.1858.2 2009.06.12 -
Symantec 1.4.4.12 2009.06.12 Trojan Horse
TheHacker 6.3.4.3.344 2009.06.11 -
TrendMicro 8.950.0.1092 2009.06.12 TROJ_BOXER.B
VBA32 3.12.10.7 2009.06.12 -
ViRobot 2009.6.12.1783 2009.06.12 -
VirusBuster 4.6.5.0 2009.06.12 -

Дополнительная информация
File size: 17383 bytes
MD5...: dc617d7a363fb020e7eeb102a9362b9a
SHA1..: ce5f7557876c5dd89a556dc670340cb4aad54df6
SHA256: 2b8cc58e9228189f91e40fba7d25f80ada0887247b62ea22a2 3c1ef4a9c3fcd6
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

**ISO** · 15.06.2009, 07:57

Прислали в ICQ с просьбой познакомиться и если есть желание сразу фотку посмотреть. Мой KIS промолчал, базы от 14.06.2009, вижу что за 15.06 уже детект есть.
File foto.jar received on 2009.06.15 03:53:24 (UTC)
Result: 7/39 (17.95%)

Код:

Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.15	-
AhnLab-V3	5.0.0.2	2009.06.14	-
AntiVir	7.9.0.187	2009.06.14	-
Antiy-AVL	2.0.3.1	2009.06.12	Trojan/J2ME.Boxer
Authentium	5.1.2.4	2009.06.14	-
Avast	4.8.1335.0	2009.06.14	-
AVG	8.5.0.339	2009.06.14	Java/SMS.B
BitDefender	7.2	2009.06.15	-
CAT-QuickHeal	10.00	2009.06.15	-
ClamAV	0.94.1	2009.06.15	-
Comodo	1331	2009.06.15	TrojWare.J2ME.SMS.Boxer.g
DrWeb	5.0.0.12182	2009.06.15	Java.SMSSend.36
eSafe	7.0.17.0	2009.06.11	-
eTrust-Vet	31.6.6556	2009.06.12	-
F-Prot	4.4.4.56	2009.06.14	-
F-Secure	8.0.14470.0	2009.06.15	Trojan-SMS.J2ME.Boxer.g
Fortinet	3.117.0.0	2009.06.15	-
GData	19	2009.06.15	-
Ikarus	T3.1.1.59.0	2009.06.15	Trojan-SMS
K7AntiVirus	7.10.762	2009.06.12	-
Kaspersky	7.0.0.125	2009.06.15	Trojan-SMS.J2ME.Boxer.g
McAfee	5646	2009.06.14	-
McAfee+Artemis	5646	2009.06.14	-
Microsoft	1.4701	2009.06.14	-
NOD32	4153	2009.06.14	-
Norman	6.01.09	2009.06.12	-
nProtect	2009.1.8.0	2009.06.14	-
Panda	10.0.0.14	2009.06.14	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.15	-
Rising	21.34.00.00	2009.06.15	-
Sophos	4.42.0	2009.06.15	-
Sunbelt	3.2.1858.2	2009.06.14	-
Symantec	1.4.4.12	2009.06.15	-
TheHacker	6.3.4.3.345	2009.06.13	-
TrendMicro	8.950.0.1092	2009.06.15	-
VBA32	3.12.10.7	2009.06.14	-
ViRobot	2009.6.15.1786	2009.06.15	-
VirusBuster	4.6.5.0	2009.06.14	-

Additional information
File size: 15921 bytes
MD5...: a377419041614e0042d0d27cfc3dd54c
SHA1..: f3fc9cbf527b4f48ec62954a36a27591cee4f5a6
SHA256: c0377103f1454c29a0e381d9d7b338dfd47fda0e705c33bd75 4b5864e313f15b
ssdeep: -
PEiD..: -
TrID..: File type identification
Java Archive (78.3%)
ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

**Kuzz** · 15.06.2009, 15:53

Файл jimm_2010.jar получен 2009.06.15 11:50:57 (UTC)

Код:

Антивирус  Версия  Обновление  Результат

  a-squared  4.5.0.18  2009.06.15  -
  AhnLab-V3  5.0.0.2  2009.06.15  -
  AntiVir  7.9.0.187  2009.06.15  JAVA/SMS.Konov.J
  Antiy-AVL  2.0.3.1  2009.06.15  Trojan/J2ME.Konov
  Authentium  5.1.2.4  2009.06.14  -
  Avast  4.8.1335.0  2009.06.14  -
  AVG  8.5.0.339  2009.06.15  -
  BitDefender  7.2  2009.06.15  -
  CAT-QuickHeal  10.00  2009.06.15  -
  ClamAV  0.94.1  2009.06.15  -
  Comodo  1335  2009.06.15  -
  DrWeb  5.0.0.12182  2009.06.15  -
  eSafe  7.0.17.0  2009.06.11  -
  eTrust-Vet  31.6.6556  2009.06.12  -
  F-Prot  4.4.4.56  2009.06.14  -
  F-Secure  8.0.14470.0  2009.06.15  Trojan-SMS.J2ME.Konov.j
  Fortinet  3.117.0.0  2009.06.15  -
  GData  19  2009.06.15  -
  Ikarus  T3.1.1.59.0  2009.06.15  Trojan-SMS
  Jiangmin  11.0.706  2009.06.15  -
  K7AntiVirus  7.10.762  2009.06.12  -
  Kaspersky  7.0.0.125  2009.06.15  Trojan-SMS.J2ME.Konov.j
  McAfee  5646  2009.06.14  -
  McAfee+Artemis  5646  2009.06.14  -
  McAfee-GW-Edition  6.7.6  2009.06.15  Java.SMS.Konov.J
  Microsoft  1.4701  2009.06.15  -
  NOD32  4154  2009.06.15  -
  Norman  6.01.09  2009.06.12  -
  nProtect  2009.1.8.0  2009.06.15  -
  Panda  10.0.0.14  2009.06.14  -
  PCTools  4.4.2.0  2009.06.12  -
  Prevx  3.0  2009.06.15  -
  Rising  21.34.03.00  2009.06.15  -
  Sophos  4.42.0  2009.06.15  -
  Sunbelt  3.2.1858.2  2009.06.14  -
  Symantec  1.4.4.12  2009.06.15  -
  TheHacker  6.3.4.3.345  2009.06.13  -
  TrendMicro  8.950.0.1092  2009.06.15  -
  VBA32  3.12.10.7  2009.06.14  -
  ViRobot  2009.6.15.1787  2009.06.15  -

Дополнительная информация
File size: 4559 bytes
MD5...: 3f8f3882c10fed6214761516477234bd
SHA1..: b962085f5636b89d014aa117cefc8f410719766e
SHA256: c378f380bb5ad7fdf1666311e32a8c3a83d00667b1cff14d50 6d7ad1c1be71a3
ssdeep: - 
PEiD..: -
TrID..: File type identification Java Archive (78.3%) ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

**senyak** · 15.06.2009, 22:18

Файл foto32.scr получен 2009.06.15 18:13:29 (UTC)
Текущий статус: закончено
Результат: 8/40 (20%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.15 -
AhnLab-V3 5.0.0.2 2009.06.15 -
AntiVir 7.9.0.187 2009.06.15 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.15 Win32/Cryptor
BitDefender 7.2 2009.06.15 -
CAT-QuickHeal 10.00 2009.06.15 -
ClamAV 0.94.1 2009.06.15 -
Comodo 1337 2009.06.15 -
DrWeb 5.0.0.12182 2009.06.15 -
eSafe 7.0.17.0 2009.06.15 -
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.15 -
Fortinet 3.117.0.0 2009.06.15 -
GData 19 2009.06.15 -
Ikarus T3.1.1.59.0 2009.06.15 -
Jiangmin 11.0.706 2009.06.15 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.15 -
McAfee 5647 2009.06.15 -
McAfee+Artemis 5647 2009.06.15 Artemis!169E0A8FF6F8
McAfee-GW-Edition 6.7.6 2009.06.15 Win32.Malware.gen (suspicious)
Microsoft 1.4701 2009.06.15 VirTool:Win32/Obfuscator.FL
NOD32 4156 2009.06.15 -
Norman 6.01.09 2009.06.15 -
nProtect 2009.1.8.0 2009.06.15 -
Panda 10.0.0.14 2009.06.15 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.15 High Risk Worm
Rising 21.34.04.00 2009.06.15 Packer.Win32.UnkPacker.a [Suspicious]
Sophos 4.42.0 2009.06.15 -
Sunbelt 3.2.1858.2 2009.06.15 -
Symantec 1.4.4.12 2009.06.15 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1092 2009.06.15 PAK_Generic.001
VBA32 3.12.10.7 2009.06.14 Malware-Cryptor.Win32.Vals.3
ViRobot 2009.6.15.1787 2009.06.15 -

Дополнительная информация
File size: 130560 bytes
MD5...: 169e0a8ff6f8b45867895920175ff750
SHA1..: c0a41237b693ebb1932374e9da2d80fb8386549e
SHA256: 2b1120be498560d7670b20227f7b8b8269c7343c83b5052e01 1d17be50b58840
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

**PavelA** · 16.06.2009, 12:57

"История болезни" - http://virusinfo.info/showthread.php?t=47970
C:\WINDOWS\system32\drivers\jcnpuznxjmabh.sys
Файл avz00002.dta получен 2009.06.16 08:52:44 (UTC)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.16 Backdoor.Winnt!IK
AhnLab-V3 5.0.0.2 2009.06.16 -
AntiVir 7.9.0.187 2009.06.16 -
Antiy-AVL 2.0.3.1 2009.06.15 -
Authentium 5.1.2.4 2009.06.15 -
Avast 4.8.1335.0 2009.06.15 -
AVG 8.5.0.339 2009.06.15 -
BitDefender 7.2 2009.06.16 -
CAT-QuickHeal 10.00 2009.06.16 -
ClamAV 0.94.1 2009.06.16 -
Comodo 1340 2009.06.16 -
DrWeb 5.0.0.12182 2009.06.16 -
eSafe 7.0.17.0 2009.06.15 Win32.BackdoorWinNTR
eTrust-Vet 31.6.6560 2009.06.15 -
F-Prot 4.4.4.56 2009.06.15 -
F-Secure 8.0.14470.0 2009.06.16 -
Fortinet 3.117.0.0 2009.06.16 -
GData 19 2009.06.16 -
Ikarus T3.1.1.59.0 2009.06.16 Backdoor.Winnt
Jiangmin 11.0.706 2009.06.16 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.16 -
McAfee 5647 2009.06.15 -
McAfee+Artemis 5647 2009.06.15 Artemis!5157F9FBB58B
McAfee-GW-Edition 6.7.6 2009.06.16 -
Microsoft 1.4701 2009.06.16 Backdoor:WinNT/Rustock.gen!B
NOD32 4158 2009.06.16 Win32/Rootkit.Agent.NMR
Norman 6.01.09 2009.06.15 -
nProtect 2009.1.8.0 2009.06.16 -
Panda 10.0.0.14 2009.06.15 Suspicious file
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.16 Medium Risk Malware
Rising 21.34.11.00 2009.06.16 -
Sophos 4.42.0 2009.06.16 -
Sunbelt 3.2.1858.2 2009.06.16 -
Symantec 1.4.4.12 2009.06.16 -
TheHacker 6.3.4.3.345 2009.06.15 -
TrendMicro 8.950.0.1094 2009.06.16 -
VBA32 3.12.10.7 2009.06.16 Win32.Rootkit.Agent.NMR
ViRobot 2009.6.16.1788 2009.06.16 -
VirusBuster 4.6.5.0 2009.06.15 -

**ISO** · 16.06.2009, 14:31

Сидел у пользователя в автозагрузке, KIS молчал и лишь изредка что то шептала проактивка, правда сетевой экран стоял на "Разрешать всё")))

File ______.exe received on 2009.06.16 10:26:13 (UTC)

Код:

Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.16	Trojan-Dropper.Cutwail!IK
AhnLab-V3	5.0.0.2	2009.06.16	Win-Trojan/Downloader.21090.B
AntiVir	7.9.0.187	2009.06.16	TR/Drop.Cutwail.EI
Antiy-AVL	2.0.3.1	2009.06.16	-
Authentium	5.1.2.4	2009.06.15	-
Avast	4.8.1335.0	2009.06.15	-
AVG	8.5.0.339	2009.06.15	Win32/Cryptor
BitDefender	7.2	2009.06.16	Trojan.Dropper.Cutwail.EI
CAT-QuickHeal	10.00	2009.06.16	-
ClamAV	0.94.1	2009.06.16	-
Comodo	1341	2009.06.16	-
DrWeb	5.0.0.12182	2009.06.16	-
eSafe	7.0.17.0	2009.06.15	-
eTrust-Vet	31.6.6560	2009.06.15	-
F-Prot	4.4.4.56	2009.06.15	-
F-Secure	8.0.14470.0	2009.06.16	-
Fortinet	3.117.0.0	2009.06.16	-
GData	19	2009.06.16	Trojan.Dropper.Cutwail.EI
Ikarus	T3.1.1.59.0	2009.06.16	Trojan-Dropper.Cutwail
Jiangmin	11.0.706	2009.06.16	-
K7AntiVirus	7.10.762	2009.06.12	-
Kaspersky	7.0.0.125	2009.06.16	-
McAfee	5647	2009.06.15	Cutwail
McAfee+Artemis	5647	2009.06.15	Cutwail
McAfee-GW-Edition	6.7.6	2009.06.16	Trojan.Drop.Cutwail.EI
Microsoft	1.4701	2009.06.16	TrojanDownloader:Win32/Cutwail.AI
NOD32	4158	2009.06.16	a variant of Win32/Wigon.LC
Norman	6.01.09	2009.06.15	-
nProtect	2009.1.8.0	2009.06.16	Trojan/W32.Agent.21090.B
Panda	10.0.0.14	2009.06.16	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.16	Medium Risk Malware
Rising	21.34.11.00	2009.06.16	-
Sophos	4.42.0	2009.06.16	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.06.16	-
Symantec	1.4.4.12	2009.06.16	-
TheHacker	6.3.4.3.345	2009.06.15	-
TrendMicro	8.950.0.1094	2009.06.16	-
VBA32	3.12.10.7	2009.06.16	-
ViRobot	2009.6.16.1789	2009.06.16	-
VirusBuster	4.6.5.0	2009.06.15	-

Additional information
File size: 21090 bytes
MD5...: 6d3589c7dc8968123c8c6127ff7af184
SHA1..: 85cb6467212ab1cf8e663053ea8b3ad05d17a633
SHA256: a78e1cb2de5a48ab9ddc89f30b949efa0b05255558b7c75717 9e5eff178ba8ce
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10d4
timedatestamp.....: 0x4a32c5a3 (Fri Jun 12 21:16:19 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7d6 0x7da 6.22 b2ea1bb19a9e7a910a937c3538e65190
.data 0x2000 0x4c4 0x4c6 4.71 c704989cf0d5b5927788a65f2198dcbc
.rsrc 0x3000 0x4260 0x4262 7.98 7aafd7651f89f01bc9e36fed04684272

( 2 imports )
> KERNEL32.dll: CloseHandle, CreateFileA, ExitProcess, GetModuleFileNameA, GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, ReadFile, Sleep
> USER32.dll: BeginPaint, BlockInput, CharLowerA, CharUpperA, CloseWindowStation, CreateDialogParamA, CreateWindowExA, DefWindowProcA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, FlashWindow, GetAsyncKeyState, GetClassInfoExA, GetMessageA, GetProcessWindowStation, GetTopWindow, MessageBoxA, OpenWindowStationA, RegisterWindowMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set

А это видимо один из файлов, которые он уже накачал на комп (сидел во временной папке пользователя)
File BN3.tmp received on 2009.06.16 10:26:41 (UTC)

Код:

Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.16	Trojan-Dropper.Kobcka!IK
AhnLab-V3	5.0.0.2	2009.06.16	Win-Trojan/Agent.32629
AntiVir	7.9.0.187	2009.06.16	TR/Drop.Cutwail.DF
Antiy-AVL	2.0.3.1	2009.06.16	-
Authentium	5.1.2.4	2009.06.15	-
Avast	4.8.1335.0	2009.06.15	Win32:Cutwail-T
AVG	8.5.0.339	2009.06.15	Win32/Cryptor
BitDefender	7.2	2009.06.16	Trojan.Dropper.Cutwail.DF
CAT-QuickHeal	10.00	2009.06.16	-
ClamAV	0.94.1	2009.06.16	-
Comodo	1341	2009.06.16	-
DrWeb	5.0.0.12182	2009.06.16	Trojan.DownLoad.38459
eSafe	7.0.17.0	2009.06.15	-
eTrust-Vet	31.6.6560	2009.06.15	-
F-Prot	4.4.4.56	2009.06.15	-
F-Secure	8.0.14470.0	2009.06.16	-
Fortinet	3.117.0.0	2009.06.16	-
GData	19	2009.06.16	Trojan.Dropper.Cutwail.DF
Ikarus	T3.1.1.59.0	2009.06.16	Trojan-Dropper.Kobcka
Jiangmin	11.0.706	2009.06.16	-
K7AntiVirus	7.10.762	2009.06.12	-
Kaspersky	7.0.0.125	2009.06.16	-
McAfee	5647	2009.06.15	Cutwail
McAfee+Artemis	5647	2009.06.15	Cutwail
McAfee-GW-Edition	6.7.6	2009.06.16	Win32.NewMalware.HF
Microsoft	1.4701	2009.06.16	-
NOD32	4158	2009.06.16	a variant of Win32/Wigon.LC
Norman	6.01.09	2009.06.15	-
nProtect	2009.1.8.0	2009.06.16	Trojan/W32.Agent.32629
Panda	10.0.0.14	2009.06.16	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.16	High Risk Cloaked Malware
Rising	21.34.11.00	2009.06.16	-
Sophos	4.42.0	2009.06.16	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.06.16	-
Symantec	1.4.4.12	2009.06.16	-
TheHacker	6.3.4.3.345	2009.06.15	-
TrendMicro	8.950.0.1094	2009.06.16	-
VBA32	3.12.10.7	2009.06.16	-
ViRobot	2009.6.16.1789	2009.06.16	-

Additional information
File size: 32629 bytes
MD5...: 1b4fbaed15a32ef6c2907a1f916373c4
SHA1..: 0374f78bfebf09b6ae9ddc8f9673241c44493fe8
SHA256: fc497c3f409af5d63340c82a4e58ac3e6f653be8b50aad5494 b20c890499122b
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10d4
timedatestamp.....: 0x4a2e5aff (Tue Jun 09 12:52:15 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x76a 0x76e 6.27 e3bf8a4721be2fc8406165504b4ae02b
.data 0x2000 0x43e 0x440 4.57 029bb8a75438155af08de3b36a7ab371
.rsrc 0x3000 0x6f78 0x6f75 7.99 cc41339d8c9cd636097379d17d548acf

( 2 imports )
> KERNEL32.dll: GetModuleHandleA, GetSystemInfo, GetVersionExA, LocalAlloc, Sleep, ExitProcess
> USER32.dll: BeginPaint, BlockInput, CharLowerA, CharUpperA, CloseWindowStation, CreateDialogParamA, CreateWindowExA, DispatchMessageA, EndDialog, EndPaint, FindWindowA, FlashWindow, GetAsyncKeyState, GetClassInfoExA, GetProcessWindowStation, GetTopWindow, MessageBoxA, OpenWindowStationA, RegisterWindowMessageA, SetDlgItemInt, SetFocus, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

**Kuzz** · 16.06.2009, 21:28

Сообщение от ISO

А это видимо один из файлов, которые он уже накачал на комп (сидел во временной папке пользователя)

Скорее защитно-нагрузочный модуль этого же троя...

Код:

Файл 8358902Anonim_SMS.jar получен 2009.06.16 17:21:39 (UTC)
Антивирус	Версия	Обновление	Результат

a-squared	4.5.0.18	2009.06.16	-
AhnLab-V3	5.0.0.2	2009.06.16	-
AntiVir	7.9.0.187	2009.06.16	-
Antiy-AVL	2.0.3.1	2009.06.16	-
Authentium	5.1.2.4	2009.06.16	-
Avast	4.8.1335.0	2009.06.15	-
AVG	8.5.0.339	2009.06.16	-
BitDefender	7.2	2009.06.16	-
CAT-QuickHeal	10.00	2009.06.16	-
ClamAV	0.94.1	2009.06.16	-
Comodo	1341	2009.06.16	-
DrWeb	5.0.0.12182	2009.06.16	-
eSafe	7.0.17.0	2009.06.16	-
eTrust-Vet	31.6.6563	2009.06.16	-
F-Prot	4.4.4.56	2009.06.15	-
F-Secure	8.0.14470.0	2009.06.16	Trojan-SMS.J2ME.Swapi.e
Fortinet	3.117.0.0	2009.06.16	-
GData	19	2009.06.16	-
Ikarus	T3.1.1.59.0	2009.06.16	Trojan-SMS
Jiangmin	11.0.706	2009.06.16	-
K7AntiVirus	7.10.765	2009.06.16	-
Kaspersky	7.0.0.125	2009.06.16	Trojan-SMS.J2ME.Swapi.e
McAfee	5648	2009.06.16	-
McAfee+Artemis	5648	2009.06.16	-
McAfee-GW-Edition	6.7.6	2009.06.16	-
Microsoft	1.4701	2009.06.16	Trojan:Java/Swapi.D
NOD32	4160	2009.06.16	-
Norman	6.01.09	2009.06.16	-
nProtect	2009.1.8.0	2009.06.16	-
Panda	10.0.0.14	2009.06.16	-
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.16	-
Rising	21.34.13.00	2009.06.16	-
Sophos	4.42.0	2009.06.16	-
Sunbelt	3.2.1858.2	2009.06.16	-
Symantec	1.4.4.12	2009.06.16	-
TheHacker	6.3.4.3.345	2009.06.15	-
TrendMicro	8.950.0.1094	2009.06.16	-
VBA32	3.12.10.7	2009.06.16	-
ViRobot	2009.6.16.1789	2009.06.16	-
VirusBuster	4.6.5.0	2009.06.16	-

Дополнительная информация
File size: 2611 bytes
MD5...: 09a1965eb43cda5da481f457247e749f
SHA1..: d7bf7fc7735e5a84e63319c330adb94814fd71eb
SHA256: 8d92b41a86a05c52b2392f6e0a39b7c3e77d22ee4443b56c53 8552beea25618d
ssdeep: - 
PEiD..: -
TrID..: File type identification Java Archive (78.3%) ZIP compressed archive (21.6%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

ЗЫ. Как уже достали эти смс-трои..

**senyak** · 17.06.2009, 11:44

Файл 111 получен 2009.06.17 07:38:58 (UTC)
Текущий статус: закончено
Результат: 8/41 (19.52%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.17 Virus.JS.Decdec.A!IK
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 HTML/Crypted.Gen
Antiy-AVL 2.0.3.1 2009.06.16 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1348 2009.06.17 Unclassified Malware
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.16 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 Virus.JS.Decdec.A
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.765 2009.06.16 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5648 2009.06.16 Exploit-IFrame.gen.c
McAfee+Artemis 5648 2009.06.16 Exploit-IFrame.gen.c
McAfee-GW-Edition 6.7.6 2009.06.17 Heuristic.Script.Crypted
Microsoft 1.4701 2009.06.17 -
NOD32 4160 2009.06.16 -
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.16 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.17 -
Rising 21.34.21.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 Troj/Decdec-A
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.347 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1791 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.16 -

Дополнительная информация
File size: 1415 bytes
MD5...: 96d22822880e75d8eefe4928302a5f51
SHA1..: 4c059e1c637636822ae99a882f54bd9c30d859d8
SHA256: 96f3a2f941e946bb0df563a7cc74817dff7c92e2c9f0f990d2 e21bfad382eebd
ssdeep: -
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

**PavelA** · 17.06.2009, 14:33

Сегодняшний улов:
Src=C:\windows\system32\drivers\MSIVXjgvuhkorridxb npytpedckukvxibtwwg.sys

Файл avz00002.dta получен 2009.06.17 10:29:11 (UTC)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.17 Trojan.WinNT!IK
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 Win32:Alureon-BS
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1349 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 Trojan.Packed.2479
eSafe 7.0.17.0 2009.06.16 Suspicious File
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 Win32:Alureon-BS
Ikarus T3.1.1.59.0 2009.06.17 Trojan.WinNT
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.765 2009.06.16 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5648 2009.06.16 -
McAfee+Artemis 5648 2009.06.16 -
McAfee-GW-Edition 6.7.6 2009.06.17 Trojan.LooksLike.Vundo
Microsoft 1.4701 2009.06.17 VirTool:Win32/Obfuscator.ET
NOD32 4161 2009.06.17 -
Norman 6.01.09 2009.06.16 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.16 -
Prevx 3.0 2009.06.17 -
Rising 21.34.22.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.347 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.16 Rootkit.Alureon.Gen!Pac.2

**ISO** · 17.06.2009, 14:59

Сидел в автозагрузке и устанавливал соединение с ip 78.129.158.88
File winamp1.exe received on 2009.06.17 10:47:43 (UTC)

Код:

Antivirus 	Version 	Last Update 	Result

a-squared	4.5.0.18	2009.06.17	Virus.Worm.Win32.AutoRun!IK
AhnLab-V3	5.0.0.2	2009.06.17	-
AntiVir	7.9.0.187	2009.06.17	Worm/Autorun.apui
Antiy-AVL	2.0.3.1	2009.06.17	-
Authentium	5.1.2.4	2009.06.16	-
Avast	4.8.1335.0	2009.06.16	-
AVG	8.5.0.339	2009.06.17	Worm/Generic.ABYX
BitDefender	7.2	2009.06.17	-
CAT-QuickHeal	10.00	2009.06.17	Worm.AutoRun.apui
ClamAV	0.94.1	2009.06.17	-
Comodo	1349	2009.06.17	-
DrWeb	5.0.0.12182	2009.06.17	Trojan.MulDrop.31990
eSafe	7.0.17.0	2009.06.16	-
eTrust-Vet	31.6.6564	2009.06.17	-
F-Prot	4.4.4.56	2009.06.16	-
Fortinet	3.117.0.0	2009.06.17	W32/AutoRun.APUI!worm
GData	19	2009.06.17	-
Ikarus	T3.1.1.59.0	2009.06.17	Virus.Worm.Win32.AutoRun
Jiangmin	11.0.706	2009.06.17	-
K7AntiVirus	7.10.765	2009.06.16	-
Kaspersky	7.0.0.125	2009.06.17	Worm.Win32.AutoRun.apui
McAfee	5648	2009.06.16	-
McAfee+Artemis	5648	2009.06.16	Artemis!0B988853939D
McAfee-GW-Edition	6.7.6	2009.06.17	Worm.Autorun.apui
Microsoft	1.4701	2009.06.17	-
NOD32	4162	2009.06.17	a variant of Win32/Injector.QJ
Norman	6.01.09	2009.06.16	-
nProtect	2009.1.8.0	2009.06.17	-
Panda	10.0.0.14	2009.06.16	Suspicious file
PCTools	4.4.2.0	2009.06.12	-
Prevx	3.0	2009.06.17	Email High Risk Worm
Rising	21.34.23.00	2009.06.17	-
Sophos	4.42.0	2009.06.17	-
Sunbelt	3.2.1858.2	2009.06.17	-
Symantec	1.4.4.12	2009.06.17	-
TheHacker	6.3.4.3.347	2009.06.17	-
TrendMicro	8.950.0.1094	2009.06.17	-
VBA32	3.12.10.7	2009.06.17	-
ViRobot	2009.6.17.1792	2009.06.17	-
VirusBuster	4.6.5.0	2009.06.16	-

Additional information
File size: 163880 bytes
MD5...: 0b988853939d6c5f8c96fb902e76b9f6
SHA1..: 547283cc8048c8fb11106b4bbc4097bf605804d1
SHA256: 2c23a6661783d7c77dae7ca939018f838c3ca5745e8882e548 a11cbe3c9373b2
ssdeep: 3072:BN87KddemDnj6+x6KhkqzhvABKHXDLYaIO+PWzOM

87K7FD2QGK3lIA
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1618
timedatestamp.....: 0x4a1f9bc1 (Fri May 29 08:24:33 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xebec 0xf000 5.47 350af5f7907d11a42a44315d2f81b0a8
.data 0x10000 0x50c 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x11000 0x16e89 0x17000 7.23 3c6ba12817cc927e204c80b3cb1930cb

( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaSetSystemError, __vbaRecDestruct, __vbaHresultCheckObj, __vbaVargVarCopy, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, _CIsin, -, __vbaErase, -, __vbaVarZero, __vbaChkstk, -, __vbaFileClose, __vbaGenerateBoundsError, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, -, __vbaI2I4, DllFunctionCall, -, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaRecUniToAnsi, __vbaUI1I2, _CIsqrt, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaInStrVar, __vbaUbound, __vbaStrVarVal, __vbaGetOwner3, __vbaVarCat, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, -, -, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaI4Var, __vbaVarCmpEq, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaAryVarVarg, __vbaFpI4, __vbaVarCopy, -, _CIatan, __vbaAryCopy, __vbaStrMove, __vbaStrVarCopy, -, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeObj, __vbaI4ErrVar, __vbaFreeStr

( 0 exports )
PDFiD.: -

**senyak** · 17.06.2009, 18:06

Файл AgentSetup.exe получен 2009.06.17 13:52:41 (UTC)
Текущий статус: закончено
Результат: 7/41 (17.07%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.16 -
Avast 4.8.1335.0 2009.06.16 -
AVG 8.5.0.339 2009.06.17 Downloader.Agent2.DFN
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1350 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.16 -
F-Secure 8.0.14470.0 2009.06.17 AdWare.Win32.Reklosoft.s
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 not-a-virus:AdWare.Win32.Reklosoft
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.765 2009.06.16 -
Kaspersky 7.0.0.125 2009.06.17 not-a-virus:AdWare.Win32.Reklosoft.s
McAfee 5648 2009.06.16 -
McAfee+Artemis 5648 2009.06.16 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
Microsoft 1.4701 2009.06.17 BrowserModifier:Win32/Kerlofost
NOD32 4162 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.16 Trj/CI.A
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.347 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.16 -

Дополнительная информация
File size: 1747415 bytes
MD5 : e1e9a39388aab756728fc714afebb6d2
SHA1 : d40d69b0c77685fba67bfc421181691967abc758
SHA256: 1aa26e8015a9f73b18011ec389d7db133576dd774be291a469 921351066f6bf0
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30CB
timedatestamp.....: 0x498A480F (Thu Feb 5 02:59:43 2009)
machinetype.......: 0x14C (Intel I386)

**valho** · 18.06.2009, 00:08

File InfinityOptimizer_Install.exe received on 2009.06.17 19:53:26 (UTC)
Current status: Finished
Result: 0/41 (0%)

a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.17 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1356 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6564 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 -
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
Microsoft 1.4701 2009.06.17 -
NOD32 4164 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.17 -

Additional information
File size: 9342397 bytes
MD5...: e67b1b23a53f3fbfd035cea9978730d1
SHA1..: 87cd1babf3da178ad3cc820df6d194f566981f7c
SHA256: 8b8fbe2770a4897dcb4a2c0271c1fac590500c8a86231168e2 1f206b515f040b
ssdeep: 196608:7+QX7Fc/XeNXJ056S4V0GURIbTxSReyEus8:7+hedSy0PkTgdh
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
packers (Kaspersky): ASPack
RDS : NSRL Reference Data Set
-

**Torvic99** · 18.06.2009, 10:56

Вчера поймал, нод отреагировал эвристикой. касперский уже знает

Файл codec.exe получен 2009.06.18 06:29:18 (UTC)

Антивирус Версия Обновление Результат

a-squared 4.5.0.18 2009.06.18 Trojan-Downloader.Win32.FakeRean!IK
AhnLab-V3 5.0.0.2 2009.06.17-
AntiVir 7.9.0.187 2009.06.17 TR/Drop.Agent.sca
Antiy-AVL 2.0.3.1 2009.06.17-
Authentium 5.1.2.4 2009.06.17-
Avast 4.8.1335.0 2009.06.17 Win32:Trojan-gen {Other}
AVG 8.5.0.339 2009.06.17 Generic13.BIIQ
BitDefender 7.2 2009.06.18 Gen:Trojan.Heur.6035CA9FEE
CAT-QuickHeal 10.00 2009.06.18 TrojanDownloader.FraudLoad.er
ClamAV 0.94.1 2009.06.18-
Comodo 1360 2009.06.18-
DrWeb 5.0.0.12182 2009.06.17-
eSafe 7.0.17.0 2009.06.17 Suspicious File
eTrust-Vet 31.6.6566 2009.06.17-
F-Prot 4.4.4.56 2009.06.17-
F-Secure 8.0.14470.0 2009.06.18 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2009.06.18 W32/FakeAlert.CM!tr
GData 19 2009.06.18 Gen:Trojan.Heur.6035CA9FEE
Ikarus T3.1.1.59.0 2009.06.18 Trojan-Downloader.Win32.FakeRean
Jiangmin 11.0.706 2009.06.18-
K7AntiVirus 7.10.766 2009.06.17-
Kaspersky 7.0.0.125 2009.06.18 Trojan-Downloader.Win32.FraudLoad.erk
McAfee 5649 2009.06.17 FakeAlert-CM
McAfee+Artemis 5649 2009.06.17 FakeAlert-CM
McAfee-GW-Edition 6.7.6 2009.06.18 Trojan.Drop.Agent.sca
Microsoft 1.4701 2009.06.18 TrojanDownloader:Win32/FakeRean
NOD32 4165 2009.06.18 a variant of Win32/Kryptik.SM
Norman 6.01.09 2009.06.17-
nProtect 2009.1.8.0 2009.06.18-
Panda 10.0.0.14 2009.06.17 Trj/CI.A
PCTools 4.4.2.0 2009.06.17-
Prevx 3.0 2009.06.18 Medium Risk Malware
Rising 21.34.30.00 2009.06.18-
Sophos 4.42.0 2009.06.18 Mal/EncPk-IF
Sunbelt 3.2.1858.2 2009.06.18-
Symantec 1.4.4.12 2009.06.18 Packed.Generic.233
TheHacker6.3.4.3.3482009.06.17-
TrendMicro 8.950.0.1094 2009.06.18-
VBA32 3.12.10.7 2009.06.18-
ViRobot 2009.6.18.1793 2009.06.18-
VirusBuster 4.6.5.0 2009.06.17 Trojan.DL.FakeRean.AM

Дополнительная информация File size: 110595 bytesMD5...: a5d3bcee3d8575f1968be7b7ab3c5853SHA1..: 432f7e19c3e2d47a2d0487cb7901fddc01e52a52SHA256: d65c3ab383bf49324000daf49aa6cd6bb847f1356c6085fbb2 87c516d5507125ssdeep: 3072:n1YSbUICy81sygYL0d95QlC06MszFi9X3kuJm:n17bUIC y81fLy9kVOzmG

PEiD..: -TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12ed
timedatestamp.....: 0x43d993ec (Fri Jan 27 03:30:52 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.code 0x1000 0x335a 0x3400 7.91 61f0ffd0beb12d37c141cb75bb882c50
.data 0x5000 0x200c1 0x11000 7.97 c28b94d54df38b16074c5b1ce6d4bb05
.idata 0x26000 0x40a 0x800 2.86 6a81227795348858e818129431137fa3
.rsrc 0x27000 0x58c4 0x5c00 5.54 17ccac79d64ab5b23c65817537ed0abf
.reloc 0x2d000 0x20 0x400 0.17 6b6622984ce1ab52d6f81eb6c3512d72

( 3 imports )
>KERNEL32.DLL: WriteConsoleW, ExpandEnvironmentStringsA,QueryPerformanceCounter, GetStdHandle, GetSystemDefaultLangID,GlobalUnlock, CreateDirectoryW, GetCommandLineA, GetTickCount,GetDateFormatW, ReadFile, GetCurrentProcessId,GetFileInformationByHandle, TlsSetValue, ExitProcess, SleepEx,VirtualProtect, LocalFileTimeToFileTime, GetSystemTime,GetCurrentDirectoryA
> USER32.DLL: MessageBoxW, CallWindowProcW,GetWindowLongW, IsRectEmpty, GetWindowPlacement, LoadBitmapW,RegisterClassExW, SetWindowRgn, GetMenu, SetScrollPos, EndDialog,GetClassInfoExW, GetWindowRect, CharNextW, GetScrollInfo
> MSVCRT.DLL: _wcsicmp, _amsg_exit, realloc, _wtol, exit, strchr, _adjust_fdiv

( 0 exports )
PDFiD.: -RDS...: NSRL Reference Data Set
-Prevxinfo: <ahref='http://info.prevx.com/aboutprogramtext.asp?PX5=DF790C5703182127B074019C5 ED2B00025DF6F75'target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=DF790C5703182127B074019C5 ED2B00025DF6F75</a>

**PavelA** · 18.06.2009, 18:12

Src=C:\Documents and Settings\user\Application Data\sdra64.exe из "Помогите"

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.18 -
AhnLab-V3 5.0.0.2 2009.06.18 -
AntiVir 7.9.0.191 2009.06.18 TR/Dropper.Gen
Antiy-AVL 2.0.3.1 2009.06.18 -
Authentium 5.1.2.4 2009.06.17 -
Avast 4.8.1335.0 2009.06.17 Win32:Walivun
AVG 8.5.0.339 2009.06.17 Injector.EG
BitDefender 7.2 2009.06.18 Gen:Trojan.Heur.Hype.A097686868
CAT-QuickHeal 10.00 2009.06.18 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.06.18 -
Comodo 1361 2009.06.18 -
DrWeb 5.0.0.12182 2009.06.18 -
eSafe 7.0.17.0 2009.06.17 Suspicious File
eTrust-Vet 31.6.6566 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
Fortinet 3.117.0.0 2009.06.18 -
GData 19 2009.06.18 Gen:Trojan.Heur.Hype.A097686868
Ikarus T3.1.1.59.0 2009.06.18 -
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
McAfee 5649 2009.06.17 Generic Obfuscated.b
McAfee+Artemis 5649 2009.06.17 Generic Obfuscated.b
McAfee-GW-Edition 6.7.6 2009.06.18 Trojan.Dropper.Gen
Microsoft 1.4701 2009.06.18 PWS:Win32/Zbot.PJ
NOD32 4165 2009.06.18 a variant of Win32/Kryptik.QN
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.18 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
Rising 21.34.30.00 2009.06.18 -
Sophos 4.42.0 2009.06.18 Mal/WaledPak-A
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
VBA32 3.12.10.7 2009.06.18 Trojan.Win32.Waledac
ViRobot 2009.6.18.1793 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.17 -

Странно сегодня ВТ работает. Сканер Касперского куда-то делся.

Добавлено через 5 часов 30 минут

Src=C:\WINDOWS\system32\browsew.dll из "Помогите"

a-squared 4.5.0.18 2009.06.18 Trojan-Dropper.Delf!IK
AhnLab-V3 5.0.0.2 2009.06.18 -
AntiVir 7.9.0.191 2009.06.18 DR/Delphi.Gen
Antiy-AVL 2.0.3.1 2009.06.18 -
Authentium 5.1.2.4 2009.06.18 W32/Delf.G.gen!Eldorado
Avast 4.8.1335.0 2009.06.17 Win32:Rootkit-gen
AVG 8.5.0.339 2009.06.18 Dropper.Rozena
BitDefender 7.2 2009.06.18 -
CAT-QuickHeal 10.00 2009.06.18 -
ClamAV 0.94.1 2009.06.18 -
Comodo 1363 2009.06.18 -
DrWeb 5.0.0.12182 2009.06.18 -
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6567 2009.06.18 Win32/QQPass.BDW
F-Prot 4.4.4.56 2009.06.17 W32/Delf.G.gen!Eldorado
F-Secure 8.0.14470.0 2009.06.18 -
Fortinet 3.117.0.0 2009.06.18 -
GData 19 2009.06.18 Win32:Rootkit-gen
Ikarus T3.1.1.59.0 2009.06.18 Trojan-Dropper.Delf
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.18 -
McAfee 5649 2009.06.17 Generic Dropper.fz
McAfee+Artemis 5649 2009.06.17 Generic Dropper.fz
McAfee-GW-Edition 6.7.6 2009.06.18 Trojan.Dropper.Delphi.Gen
Microsoft 1.4701 2009.06.18 -
NOD32 4167 2009.06.18 -
Norman 6.01.09 2009.06.18 -
nProtect 2009.1.8.0 2009.06.18 -
Panda 10.0.0.14 2009.06.17 Generic Trojan
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
Rising 21.34.34.00 2009.06.18 Trojan.PSW.Win32.QQPass.qii
Sophos 4.42.0 2009.06.18 -
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
VBA32 3.12.10.7 2009.06.18 -
ViRobot 2009.6.18.1794 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.18 Trojan.DR.Delf.Gen.7

**Kuzz** · 18.06.2009, 19:36

Файл foto20.scr получен 2009.06.18 15:35:54 (UTC)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	4.5.0.18	2009.06.18	-
AhnLab-V3	5.0.0.2	2009.06.18	-
AntiVir	7.9.0.191	2009.06.18	-
Antiy-AVL	2.0.3.1	2009.06.18	-
Authentium	5.1.2.4	2009.06.18	-
Avast	4.8.1335.0	2009.06.17	-
AVG	8.5.0.339	2009.06.18	-
BitDefender	7.2	2009.06.18	-
CAT-QuickHeal	10.00	2009.06.18	-
ClamAV	0.94.1	2009.06.18	-
Comodo	1364	2009.06.18	-
DrWeb	5.0.0.12182	2009.06.18	Trojan.Packed.2480
eSafe	7.0.17.0	2009.06.18	-
eTrust-Vet	31.6.6567	2009.06.18	-
F-Prot	4.4.4.56	2009.06.17	-
F-Secure	8.0.14470.0	2009.06.18	-
Fortinet	3.117.0.0	2009.06.18	-
GData	19	2009.06.18	-
Ikarus	T3.1.1.59.0	2009.06.18	-
Jiangmin	11.0.706	2009.06.18	-
K7AntiVirus	7.10.766	2009.06.17	-
Kaspersky	7.0.0.125	2009.06.18	-
McAfee	5649	2009.06.17	-
McAfee+Artemis	5649	2009.06.17	-
McAfee-GW-Edition	6.7.6	2009.06.18	Win32.Malware.gen (suspicious)
Microsoft	1.4701	2009.06.18	VirTool:Win32/Obfuscator.FL
NOD32	4167	2009.06.18	-
Norman	6.01.09	2009.06.18	-
nProtect	2009.1.8.0	2009.06.18	-
Panda	10.0.0.14	2009.06.18	-
PCTools	4.4.2.0	2009.06.17	-
Prevx	3.0	2009.06.18	-
Rising	21.34.34.00	2009.06.18	-
Sophos	4.42.0	2009.06.18	-
Sunbelt	3.2.1858.2	2009.06.18	-
Symantec	1.4.4.12	2009.06.18	-
TheHacker	6.3.4.3.348	2009.06.17	-
TrendMicro	8.950.0.1094	2009.06.18	-
VBA32	3.12.10.7	2009.06.18	Malware-Cryptor.Win32.Vals.3
ViRobot	2009.6.18.1794	2009.06.18	-
VirusBuster	4.6.5.0	2009.06.18	-

Дополнительная информация
File size: 224768 bytes
MD5...: 28777e565ee8ea3e6f023d1c18afcf3f
SHA1..: 09b292f2948b81cb20c2f3f0591cf6e4928edf48
SHA256: bfab24d3610cfc7bb6413f83ffb0e0c8e5a94d6e04b1531039 0520108dada898
ssdeep: 6144:Ck+1qk930Yd3f3WfwG7HywYWfVeSsh3T5m:Ck+P3+fwo/HVezh3T5m 
PEiD..: -
TrID..: File type identification Win32 Executable Generic (38.3%) Win32 Dynamic Link Library (generic) (34.1%) Win16/32 Executable Delphi generic (9.3%) Generic Win/DOS Executable (9.0%) DOS Executable Generic (9.0%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1000 timedatestamp.....: 0x48554930 (Sun Jun 15 16:54:08 200

machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x35000 0x35000 5.90 52154a290c0de9a4aeda8ab0f191bea7 .rdata 0x36000 0x1000 0x200 1.15 3d4c2b6aa8cdafebcbe808bd480f6c0f .data 0x37000 0x1000 0x400 2.65 fbd44e8819bde55b78ec5e9e3a229c38 .rsrc 0x38000 0x36000 0x1400 3.81 2971fd64c858af83ad92968515511bce ( 1 imports ) > kernel32.dll: GetProcAddress, LoadLibraryA ( 0 exports ) 
PDFiD.: -
RDS...: NSRL Reference Data Set -

**senyak** · 18.06.2009, 23:46

Файл Jimm2009.jar получен 2009.06.18 19:41:08 (UTC)
Текущий статус: закончено
Результат: 10/41 (24.4%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.18 2009.06.18 -
AhnLab-V3 5.0.0.2 2009.06.18 -
AntiVir 7.9.0.191 2009.06.18 -
Antiy-AVL 2.0.3.1 2009.06.18 Trojan/J2ME.Swapi
Authentium 5.1.2.4 2009.06.18 -
Avast 4.8.1335.0 2009.06.18 Other:Malware-gen
AVG 8.5.0.339 2009.06.18 Java/Swapi
BitDefender 7.2 2009.06.18 -
CAT-QuickHeal 10.00 2009.06.18 -
ClamAV 0.94.1 2009.06.18 -
Comodo 1367 2009.06.18 TrojWare.J2ME.SMS.Swapi.n
DrWeb 5.0.0.12182 2009.06.18 Java.SmsFlood
eSafe 7.0.17.0 2009.06.18 -
eTrust-Vet 31.6.6567 2009.06.18 -
F-Prot 4.4.4.56 2009.06.18 -
F-Secure 8.0.14470.0 2009.06.18 Trojan-SMS.J2ME.Swapi.n
Fortinet 3.117.0.0 2009.06.18 Java/Swapi.N!tr
GData 19 2009.06.18 Other:Malware-gen
Ikarus T3.1.1.59.0 2009.06.18 Trojan-SMS
Jiangmin 11.0.706 2009.06.18 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.18 Trojan-SMS.J2ME.Swapi.n
McAfee 5650 2009.06.18 -
McAfee+Artemis 5650 2009.06.18 -
McAfee-GW-Edition 6.7.6 2009.06.18 -
Microsoft 1.4701 2009.06.18 -
NOD32 4168 2009.06.18 -
Norman 6.01.09 2009.06.18 -
nProtect 2009.1.8.0 2009.06.18 -
Panda 10.0.0.14 2009.06.18 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.18 -
Rising 21.34.34.00 2009.06.18 -
Sophos 4.42.0 2009.06.18 -
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.18 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.18 -
VBA32 3.12.10.7 2009.06.18 -
ViRobot 2009.6.18.1794 2009.06.18 -
VirusBuster 4.6.5.0 2009.06.18 -

Дополнительная информация
File size: 135729 bytes
MD5...: 474815affb2614459241a04bab355400
SHA1..: a1c56600e9259931f5bf42b40bb78f9693c051b0
SHA256: e0abc06bbb2d05f43d9d20edd7c28aa75b8e0920c13ded05a7 41bf408db9c8d1
ssdeep: 3072:EYzNg2B5XHj04ANArHJ+ga5h90VX0KgblXQcjkVtr4wk7 gr9:RzNRB5lAir
p+garRKOdljkVd4wkM9
PEiD..: -
TrID..: File type identification
Java Archive (78.2%)
ZIP compressed archive (21.5%)
Sybase iAnywhere database files (0.1%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

**valho** · 19.06.2009, 12:32

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\G1Q9SRO7\dakxxly[1].txt
После заражения блокируют IP

File op.php received on 2009.06.19 08:20 :20 (UTC)
Current status:finished
Result: 21/41 (51.22%)

a-squared 4.5.0.18 2009.06.19 Trojan.Crypt!IK
AhnLab-V3 5.0.0.2 2009.06.19 -
AntiVir 7.9.0.191 2009.06.19 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.1 2009.06.18 -
Authentium 5.1.2.4 2009.06.19 -
Avast 4.8.1335.0 2009.06.18 Win32:Crypt-EKF
AVG 8.5.0.339 2009.06.18 -
BitDefender 7.2 2009.06.19 -
CAT-QuickHeal 10.00 2009.06.19 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.06.19 -
Comodo 1370 2009.06.19 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.06.19 -
eSafe 7.0.17.0 2009.06.18 Win32.TRCrypt.ZPACK
eTrust-Vet 31.6.6568 2009.06.19 Win32/SillyDl.NYH
F-Prot 4.4.4.56 2009.06.19 -
F-Secure 8.0.14470.0 2009.06.18 -
Fortinet 3.117.0.0 2009.06.19 W32/DwnLdr.HTD!tr
GData 19 2009.06.19 Win32:Crypt-EKF
Ikarus T3.1.1.59.0 2009.06.19 Trojan.Crypt
Jiangmin 11.0.706 2009.06.19 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.19 -
McAfee 5650 2009.06.18 Generic.dx!lz
McAfee+Artemis 5650 2009.06.18 Generic.dx!lz
McAfee-GW-Edition 6.7.6 2009.06.19 Trojan.Crypt.ZPACK.Gen
Microsoft 1.4701 2009.06.19 VirTool:Win32/Obfuscator.FM
NOD32 4169 2009.06.19 -
Norman 6.01.09 2009.06.18 W32/Smalltroj.ONTT
nProtect 2009.1.8.0 2009.06.19 -
Panda 10.0.0.14 2009.06.18 Suspicious file
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.19 High Risk Cloaked Malware
Rising 21.34.41.00 2009.06.19 -
Sophos 4.42.0 2009.06.19 Troj/DwnLdr-HTD
Sunbelt 3.2.1858.2 2009.06.18 -
Symantec 1.4.4.12 2009.06.19 Trojan Horse
TheHacker 6.3.4.3.348 2009.06.19 -
TrendMicro 8.950.0.1094 2009.06.19 TROJ_DLDR.DM
VBA32 3.12.10.7 2009.06.19 -
ViRobot 2009.6.19.1795 2009.06.19 -
VirusBuster 4.6.5.0 2009.06.18 Trojan.ZPACK.CFP

Additional information
File size: 10752 bytes
MD5...: 87bf948b9ec456b83942056a41748a12
SHA1..: 84c4eb5a7d392f5d642eae9f7c86539637154d9a
SHA256: ec644ee2163e735eb998f8769362f1513ce0d2b914a8a6dcb4 73e5470669d177
ssdeep: 192:biUVPNuluNtn73hwMHb/HyK5XhGYxsoqp:btPNuluNtnD2aDH3hGO0p
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x160d
timedatestamp.....: 0x4a34cff0 (Sun Jun 14 10:24:48 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8c0 0xa00 6.00 e7be871cceb9b48f97ada18eef6984bc
.rdata 0x2000 0x1c4 0x200 4.11 81f2061221431ad5f0743f356b0951b6
.data 0x3000 0x236d4 0x1600 7.11 dbf6a8f35a7d93f32a1d446dfa9f1cb1
.rsrc 0x27000 0x318 0x400 2.61 e369ef3a7e454143572e4e85b736b25b

( 1 imports )
> KERNEL32.dll: ExitProcess, GetLastError, CloseHandle, WriteFile, CreateFileA, GetTempPathA, GetTickCount, HeapFree, GetProcAddress, HeapAlloc, GetProcessHeap

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.a...42056a41748a12

Исследование антивирусов 7

Опции темы

Похожие темы

Исследование антивирусов 6

Исследование антивирусов 5

Исследование антивирусов 4

Исследование антивирусов 3

Исследование антивирусов 2

Метки для этой темы

Ваши права в разделе