Исследование антивирусов 5

**anton_dr** · 08.01.2007, 15:41

Сообщение от Geser

В общем думал я думал как сделать более-менее объективную оценку антивирусов, и кое что придумал. Вот в эту тему прошу всех постить результаты проверки зверей которые были пойманы исключительно ручками. Т.е. которых не видел установленный на компютере антивирус. Так выборка будет по настоящему случайной.

Постить в эту тему результаты проверки файлов исключительно пойманных руками на компьютерах.

Не постить результаты проверки файлов найденных на других сайтах или в коллекциях.
Не постить результаты проверки файлов изначально найденных антивирусом.

Продолжим в новой теме, так как появились новые действующие лица.
Предыдущий топик здесь. Результаты его в прикрепленном файле. Спасибо Shu_b за титанический труд

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**borka** · 08.01.2007, 16:30

Сообщение от anton_dr

Спасибо Shu_b за титанический труд

Shu_b, респект.

**Winsent** · 08.01.2007, 22:30

Antivirus Version Update Result

AntiVir 7.3.0.21 01.08.2007 TR/Dldr.Injloader.A
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.08.2007 no virus found
BitDefender 7.2 01.08.2007 no virus found
CAT-QuickHeal 9.00 01.08.2007 TrojanDownloader.Agent.aii
ClamAV devel-20060426 01.08.2007 no virus found
DrWeb 4.33 01.08.2007 Trojan.DownLoader.17213
eSafe 7.0.14.0 01.08.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
eTrust-Vet 30.3.3311 01.08.2007 no virus found
Ewido 4.0 01.08.2007 Downloader.Agent.aii
Fortinet 2.82.0.0 01.08.2007 no virus found
F-Prot 3.16f 01.05.2007 no virus found
F-Prot4 4.2.1.29 01.05.2007 no virus found
Ikarus T3.1.0.27 01.08.2007 no virus found
Kaspersky 4.0.2.24 01.08.2007 no virus found
McAfee 4934 01.08.2007 no virus found
Microsoft 1.1904 01.07.2007 no virus found
NOD32v2 1963 01.08.2007 no virus found
Norman 5.80.02 12.31.2007 W32/Malware
Panda 9.0.0.4 01.07.2007 Suspicious file
Prevx1 V2 01.08.2007 no virus found
Sophos 4.13.0 01.05.2007 Mal/Behav-080
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.146 01.08.2007 no virus found
UNA 1.83 01.06.2007 no virus found
VBA32 3.11.1 01.08.2007 no virus found
VirusBuster 4.3.19:9 01.08.2007 no virus found

Aditional Information
File size: 23552 bytes
MD5: 073bc4974a0c451b0f1145338f19ef53
SHA1: e1fc27d75f1aee86935554726c103cd30ed56883
packers: UPX
packers: UPX
packers: UPX
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Decompressing UPX.
* File length: 23552 bytes.

[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.

**Winsent** · 09.01.2007, 10:20

Complete scanning result of "mail.exe", received in VirusTotal at 01.09.2007, 08:17:19 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.08.2007 TR/PSW.LdPinch.bjf
Authentium 4.93.8 12.30.2006 could be a corrupted executable file
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.08.2007 PSW.Ldpinch.DHV
BitDefender 7.2 01.09.2007 Trojan.PSW.LdPinch.A
CAT-QuickHeal 9.00 01.08.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.09.2007 no virus found
DrWeb 4.33 01.09.2007 no virus found
eSafe 7.0.14.0 01.08.2007 Win32.LdPinch.bjf
eTrust-InoculateIT 23.73.109 01.09.2007 no virus found
eTrust-Vet 30.3.3313 01.09.2007 no virus found
Ewido 4.0 01.08.2007 no virus found
Fortinet 2.82.0.0 01.09.2007 W32/LdPinch.BJF!tr.pws
F-Prot 3.16f 01.08.2007 Possibly a new variant of W32/CrazyCrunch-based!Maximus
F-Prot4 4.2.1.29 01.09.2007 W32/CrazyCrunch-based!Maximus
Ikarus T3.1.0.27 01.09.2007 Trojan-PSW.Win32.LdPinch.bjf
Kaspersky 4.0.2.24 01.09.2007 Trojan-PSW.Win32.LdPinch.bjf
McAfee 4934 01.08.2007 no virus found
Microsoft 1.1904 01.09.2007 no virus found
NOD32v2 1963 01.08.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.08.2007 no virus found
Prevx1 V2 01.09.2007 no virus found
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 VIPRE.Suspicious
TheHacker 6.0.3.146 01.08.2007 Trojan/PSW.LdPinch.bjf
UNA 1.83 01.06.2007 no virus found
VBA32 3.11.2 01.08.2007 no virus found
VirusBuster 4.3.19:9 01.08.2007 no virus found

Aditional Information
File size: 32287 bytes
MD5: eabd75799719ea4f61ac13d6e8fb95fb
SHA1: a407ac7ca8fcb44bfeef1b4c31064896a3b48d18
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**Winsent** · 09.01.2007, 17:52

Complete scanning result of "porno.scr", received in VirusTotal at 01.09.2007, 15:50:08 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.09.2007 TR/FwBypass.A.669
Authentium 4.93.8 12.30.2006 could be a corrupted executable file
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.09.2007 no virus found
BitDefender 7.2 01.09.2007 BehavesLike:Trojan.FirewallBypass
CAT-QuickHeal 9.00 01.09.2007 no virus found
ClamAV devel-20060426 01.09.2007 no virus found
DrWeb 4.33 01.09.2007 no virus found
eSafe 7.0.14.0 01.09.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.109 01.09.2007 no virus found
eTrust-Vet 30.3.3313 01.09.2007 no virus found
Ewido 4.0 01.09.2007 no virus found
Fortinet 2.82.0.0 01.09.2007 suspicious
F-Prot 3.16f 01.08.2007 no virus found
F-Prot4 4.2.1.29 01.09.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 Trojan-PSW.Win32.LdPinch.apk
Kaspersky 4.0.2.24 01.09.2007 no virus found
McAfee 4934 01.08.2007 no virus found
Microsoft 1.1904 01.09.2007 no virus found
NOD32v2 1966 01.09.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.08.2007 no virus found
Prevx1 V2 01.09.2007 no virus found
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 VIPRE.Suspicious
TheHacker 6.0.3.146 01.08.2007 no virus found
UNA 1.83 01.06.2007 no virus found
VBA32 3.11.2 01.09.2007 no virus found
VirusBuster 4.3.19:9 01.09.2007 no virus found

Aditional Information
File size: 53818 bytes
MD5: 5bf0802a969477b8b87d044abea0fd33
SHA1: 79306b7c7032f6f0ef99de08776d9c3c0aa2a844
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**Shu_b** · 10.01.2007, 06:36

Complete scanning result of "avz00006.dta", received in VirusTotal at 01.09.2007, 19:46:15 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 01.09.2007 no virus found
Authentium 4.93.8 01.09.2007 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.09.2007 Collected.9.AM
BitDefender 7.2 01.09.2007 no virus found
CAT-QuickHeal 9.00 01.09.2007 no virus found
ClamAV devel-20060426 01.09.2007 no virus found
DrWeb 4.33 01.09.2007 no virus found
eSafe 7.0.14.0 01.09.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.109 01.09.2007 no virus found
eTrust-Vet 30.3.3313 01.09.2007 no virus found
Ewido 4.0 01.09.2007 no virus found
Fortinet 2.82.0.0 01.09.2007 suspicious
F-Prot 3.16f 01.09.2007 no virus found
F-Prot4 4.2.1.29 01.09.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.09.2007 no virus found
McAfee 4935 01.09.2007 no virus found
Microsoft 1.1904 01.09.2007 no virus found
NOD32v2 1967 01.09.2007 a variant of Win32/Spabot.NAC
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.09.2007 no virus found
Prevx1 V2 01.09.2007 no virus found
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.146 01.08.2007 no virus found
UNA 1.83 01.09.2007 no virus found
VBA32 3.11.2 01.09.2007 no virus found
VirusBuster 4.3.19:9 01.09.2007 Trojan.DL.Obfusc.Gen.4

Aditional Information
File size: 90624 bytes
MD5: c733ec1bca41bc95c4da11cbe95654f4
SHA1: 82918417039ee57b4071650d42d4692601ee6ae6
packers: UPX

drweb - Trojan.Spambot

**Shu_b** · 10.01.2007, 10:41

Complete scanning result of "avz00009__1_._ta", received in VirusTotal at 01.10.2007, 08:28:03 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.09.2007 TR/Drop.WSO.A.2
Authentium 4.93.8 01.09.2007 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.09.2007 no virus found
BitDefender 7.2 01.10.2007 Trojan.Downloader.Agent.AEY
CAT-QuickHeal 9.00 01.09.2007 no virus found
ClamAV devel-20060426 01.09.2007 no virus found
DrWeb 4.33 01.10.2007 Trojan.Fakealert.229
eSafe 7.0.14.0 01.09.2007 Win32.Downloader
eTrust-InoculateIT 23.73.109 01.09.2007 no virus found
eTrust-Vet 30.3.3313 01.09.2007 no virus found
Ewido 4.0 01.09.2007 Adware.WorldSecurityOnline
Fortinet 2.82.0.0 01.10.2007 W32/FakeAlert
F-Prot 3.16f 01.09.2007 no virus found
F-Prot4 4.2.1.29 01.09.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.10.2007 not-a-virus:FraudTool.Win32.WorldSecurityOnline.c
McAfee 4935 01.09.2007 FakeAlert-G
Microsoft 1.1904 01.10.2007 no virus found
NOD32v2 1968 01.09.2007 Win32/TrojanDownloader.Zlob
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.09.2007 Application/AntiVermins
Prevx1 V2 01.10.2007 Generic.Zlob!DL
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.146 01.08.2007 no virus found
UNA 1.83 01.10.2007 no virus found
VBA32 3.11.2 01.09.2007 no virus found
VirusBuster 4.3.19:9 01.09.2007 no virus found

Aditional Information
File size: 20992 bytes
MD5: 75128e61b82c63deacd8f4975a3e1a99
SHA1: 0c91b00ab6a888030bcda451853b7d46e523de2b

**Winsent** · 10.01.2007, 21:16

Complete scanning result of "setup.exe", received in VirusTotal at 01.10.2007, 19:16:10 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.09.2007 no virus found
Authentium 4.93.8 01.10.2007 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.10.2007 no virus found
BitDefender 7.2 01.10.2007 no virus found
CAT-QuickHeal 9.00 01.10.2007 no virus found
ClamAV devel-20060426 01.10.2007 no virus found
DrWeb 4.33 01.10.2007 no virus found
eSafe 7.0.14.0 01.10.2007 no virus found
eTrust-InoculateIT 23.73.110 01.10.2007 no virus found
eTrust-Vet 30.3.3316 01.10.2007 no virus found
Ewido 4.0 01.10.2007 no virus found
Fortinet 2.82.0.0 01.10.2007 no virus found
F-Prot 3.16f 01.10.2007 no virus found
F-Prot4 4.2.1.29 01.10.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.10.2007 no virus found
McAfee 4935 01.09.2007 no virus found
Microsoft 1.1904 01.10.2007 no virus found
NOD32v2 1970 01.10.2007 no virus found
Norman 5.80.02 01.10.2007 W32/Malware
Panda 9.0.0.4 01.09.2007 Suspicious file
Prevx1 V2 01.10.2007 no virus found
Sophos 4.13.0 01.10.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.146 01.08.2007 no virus found
UNA 1.83 01.10.2007 no virus found
VBA32 3.11.2 01.09.2007 no virus found
VirusBuster 4.3.19:9 01.10.2007 no virus found

Aditional Information
File size: 49152 bytes
MD5: 398c8390385d73aefce3712c6420076f
SHA1: 292bd5a7d56982a888272cc8134041c42cafddac
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 49152 bytes.

[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.

**Winsent** · 14.01.2007, 15:43

Complete scanning result of "Anna.scr", received in VirusTotal at 01.14.2007, 13:40:38 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.09.2007 HEUR/Crypted
Authentium 4.93.8 01.12.2007 no virus found
Avast 4.7.936.0 01.13.2007 Win32dPinch-NO
AVG 386 01.13.2007 no virus found
BitDefender 7.2 01.14.2007 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 9.00 01.12.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.14.2007 Trojan.Dropper.Agent-106
DrWeb 4.33 01.14.2007 Trojan.PWS.LDPinch.1217
eSafe 7.0.14.0 01.14.2007 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.113 01.13.2007 no virus found
eTrust-Vet 30.3.3324 01.12.2007 no virus found
Ewido 4.0 01.14.2007 no virus found
Fortinet 2.82.0.0 01.13.2007 no virus found
F-Prot 3.16f 01.12.2007 no virus found
F-Prot4 4.2.1.29 01.12.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.14.2007 Trojan-PSW.Win32.LdPinch.bfy
McAfee 4938 01.12.2007 no virus found
Microsoft 1.1904 01.14.2007 Win32/Ldpinch
NOD32v2 1977 01.13.2007 a variant of Win32/PSW.LdPinch.NCB
Norman 5.80.02 01.12.2007 no virus found
Panda 9.0.0.4 01.13.2007 Suspicious file
Prevx1 V2 01.14.2007 no virus found
Sophos 4.13.0 01.13.2007 Troj/LdPinch-PZ
Sunbelt 2.2.907.0 01.12.2007 VIPRE.Suspicious
TheHacker 6.0.3.148 01.14.2007 no virus found
UNA 1.83 01.12.2007 no virus found
VBA32 3.11.2 01.14.2007 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.19:9 01.13.2007 no virus found

Aditional Information
File size: 32256 bytes
MD5: 743b218ce24362d18399d169ac9dccb4
SHA1: bc82515174f5a50e3a8b5704263f16a185e80f94
packers: PECompact
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**Winsent** · 15.01.2007, 20:21

Complete scanning result of "setup.exe", received in VirusTotal at 01.15.2007, 18:19:53 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.09.2007 no virus found
Authentium 4.93.8 01.15.2007 no virus found
Avast 4.7.936.0 01.15.2007 no virus found
AVG 386 01.15.2007 no virus found
BitDefender 7.2 01.15.2007 no virus found
CAT-QuickHeal 9.00 01.15.2007 no virus found
ClamAV devel-20060426 01.15.2007 no virus found
DrWeb 4.33 01.15.2007 no virus found
eSafe 7.0.14.0 01.15.2007 no virus found
eTrust-InoculateIT 23.73.113 01.13.2007 no virus found
eTrust-Vet 30.3.3329 01.15.2007 no virus found
Ewido 4.0 01.15.2007 Downloader.Agent.aii
Fortinet 2.82.0.0 01.15.2007 no virus found
F-Prot 3.16f 01.15.2007 no virus found
F-Prot4 4.2.1.29 01.12.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.15.2007 no virus found
McAfee 4938 01.12.2007 no virus found
Microsoft 1.1904 01.15.2007 no virus found
NOD32v2 1980 01.15.2007 no virus found
Norman 5.80.02 01.15.2007 W32/Malware
Panda 9.0.0.4 01.14.2007 Suspicious file
Prevx1 V2 01.15.2007 no virus found
Sophos 4.13.0 01.13.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.148 01.14.2007 no virus found
UNA 1.83 01.12.2007 no virus found
VBA32 3.11.2 01.15.2007 suspected of Trojan-Proxy.Horst.170 (paranoid heuristics)
VirusBuster 4.3.19:9 01.15.2007 no virus found

Aditional Information
File size: 49152 bytes
MD5: 98fe527323b8643dfc97f172c0de5732
SHA1: ff433500cea0f62fc970d88de355025807bf9939
norman sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 49152 bytes.

[ Process/window information ]
* Modifies other process memory.
* Modifies execution flow of a remote process.

**Winsent** · 18.01.2007, 13:13

Complete scanning result of "Mashka.scr", received in VirusTotal at 01.18.2007, 11:10:32 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.21 01.17.2007 HEUR/Crypted
Authentium 4.93.8 01.17.2007 no virus found
Avast 4.7.936.0 01.17.2007 no virus found
AVG 386 01.18.2007 no virus found
BitDefender 7.2 01.18.2007 MemScan:Trojan.PWS.PdPinch.L
CAT-QuickHeal 9.00 01.17.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.18.2007 no virus found
DrWeb 4.33 01.18.2007 no virus found
eSafe 7.0.14.0 01.18.2007 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.116 01.18.2007 no virus found
eTrust-Vet 30.3.3334 01.18.2007 no virus found
Ewido 4.0 01.17.2007 no virus found
Fortinet 2.82.0.0 01.18.2007 suspicious
F-Prot 3.16f 01.17.2007 no virus found
F-Prot4 4.2.1.29 01.17.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.18.2007 Trojan-PSW.Win32.LdPinch.bkc
McAfee 4941 01.17.2007 no virus found
Microsoft 1.1904 01.18.2007 no virus found
NOD32v2 1988 01.18.2007 no virus found
Norman 5.80.02 01.17.2007 no virus found
Panda 9.0.0.4 01.17.2007 Suspicious file
Prevx1 V2 01.18.2007 no virus found
Sophos 4.13.0 01.17.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 VIPRE.Suspicious
TheHacker 6.0.3.148 01.14.2007 no virus found
UNA 1.83 01.17.2007 no virus found
VBA32 3.11.2 01.17.2007 no virus found
VirusBuster 4.3.19:9 01.18.2007 no virus found

Aditional Information
File size: 33805 bytes
MD5: a1cae0b3e11a5787892ac677f963b1c8
SHA1: ec3d276cffccd9d4ea86389a96b5667f8a678fe0
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**Зайцев Олег** · 18.01.2007, 19:44

STATUS: FINISHEDComplete scanning result of "_4.exe", received in VirusTotal at 01.18.2007, 17:39:47 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.21 01.18.2007 HEUR/Crypted
Authentium 4.93.8 01.17.2007 could be a corrupted executable file
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.18.2007 no virus found
BitDefender 7.2 01.18.2007 no virus found
CAT-QuickHeal 9.00 01.17.2007 no virus found
ClamAV devel-20060426 01.18.2007 no virus found
DrWeb 4.33 01.18.2007 no virus found
eSafe 7.0.14.0 01.18.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.116 01.18.2007 no virus found
eTrust-Vet 30.3.3334 01.18.2007 no virus found
Ewido 4.0 01.17.2007 no virus found
Fortinet 2.82.0.0 01.18.2007 no virus found
F-Prot 3.16f 01.17.2007 no virus found
F-Prot4 4.2.1.29 01.18.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 Trojan-PSW.Win32.LdPinch.apk
Kaspersky 4.0.2.24 01.18.2007 no virus found
McAfee 4941 01.17.2007 no virus found
Microsoft 1.1904 01.18.2007 no virus found
NOD32v2 1988 01.18.2007 no virus found
Norman 5.80.02 01.18.2007 no virus found
Panda 9.0.0.4 01.17.2007 Suspicious file
Prevx1 V2 01.18.2007 no virus found
Sophos 4.13.0 01.17.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 VIPRE.Suspicious
TheHacker 6.0.3.149 01.18.2007 no virus found
UNA 1.83 01.17.2007 no virus found
VBA32 3.11.2 01.18.2007 no virus found
VirusBuster 4.3.19:9 01.18.2007 no virus found

Aditional Information
File size: 26526 bytes
MD5: 48ae2a22ffd78b439a9c9ecd861d9104
SHA1: 4d50dcca103b9bd01e53a1e0ca615fa9ede19e26
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

По данным моего анализатора - это модификация пинча.

**anton_dr** · 20.01.2007, 16:31

Из темы http://virusinfo.info/showthread.php?t=7594

Complete scanning result of "avz00001.dta", received in VirusTotal at 01.20.2007, 14:07:42 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.26 01.20.2007 no virus found
Authentium 4.93.8 01.20.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.20.2007 no virus found
BitDefender 7.2 01.20.2007 Trojan.FatObfus.Gen
CAT-QuickHeal 9.00 01.20.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.20.2007 no virus found
DrWeb 4.33 01.20.2007 no virus found
eSafe 7.0.14.0 01.20.2007 no virus found
eTrust-InoculateIT 23.73.118 01.20.2007 no virus found
eTrust-Vet 30.3.3336 01.19.2007 no virus found
Ewido 4.0 01.19.2007 no virus found
Fortinet 2.82.0.0 01.20.2007 suspicious
F-Prot 3.16f 01.20.2007 no virus found
F-Prot4 4.2.1.29 01.19.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 not-a-virus:AdWare.Win32.Lop.ag
Kaspersky 4.0.2.24 01.20.2007 no virus found
McAfee 4943 01.19.2007 no virus found
Microsoft 1.1904 01.20.2007 no virus found
NOD32v2 1992 01.20.2007 no virus found
Norman 5.80.02 01.19.2007 no virus found
Panda 9.0.0.4 01.20.2007 Suspicious file
Prevx1 V2 01.20.2007 Adware.Lop
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.151 01.19.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.19.2007 suspected of Trojan-Downloader.Obfuscated.1 (paranoid heuristics)
VirusBuster 4.3.19:9 01.20.2007 no virus found

Aditional Information
File size: 228864 bytes
MD5: 308dd917c8c1cab36df22b25e95c0df1
SHA1: 7bd08b83f5ac23065c049770a459256f1a8fdcdb
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=614c69782788

Geser · 20.01.2007, 21:42

AntiVir 7.3.0.26 01.20.2007 TR/PCK.Klone.V.6
Authentium 4.93.8 01.20.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.20.2007 Generic2.MUX
BitDefender 7.2 01.20.2007 Trojan.Klone.H
CAT-QuickHeal 9.00 01.20.2007 no virus found
ClamAV devel-20060426 01.20.2007 no virus found
DrWeb 4.33 01.20.2007 Trojan.Mezzia
eSafe 7.0.14.0 01.20.2007 Win32.Klone.v
eTrust-InoculateIT 23.73.118 01.20.2007 Win32/Nebuler.AO!DLL!Trojan
eTrust-Vet 30.3.3336 01.19.2007 Win32/Nebuler.AO
Ewido 4.0 01.20.2007 Trojan.Agent.nff
Fortinet 2.82.0.0 01.20.2007 W32/Nebule.V!tr
F-Prot 3.16f 01.20.2007 no virus found
F-Prot4 4.2.1.29 01.20.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 Trojan.Win32.Agent.vg
Kaspersky 4.0.2.24 01.20.2007 Packed.Win32.Klone.v
McAfee 4943 01.19.2007 BackDoor-CVT
Microsoft 1.1904 01.20.2007 no virus found
NOD32v2 1992 01.20.2007 Win32/Agent.NFF
Norman 5.80.02 01.19.2007 W32/Agent.AUNX
Panda 9.0.0.4 01.20.2007 Trj/Nebule.B
Prevx1 V2 01.20.2007 Polynomial.Code.Exploit
Sophos 4.13.0 01.20.2007 Troj/Nebule-Gen
Sunbelt 2.2.907.0 01.12.2007 Trojan.Klone.H
TheHacker 6.0.3.151 01.19.2007 Trojan/Klone.v
UNA 1.83 01.19.2007 Trojan.Win32.Klone.2C6C
VBA32 3.11.2 01.19.2007 Trojan.Win32.Agent.NFF

**ISO** · 22.01.2007, 13:32

Complete scanning result of "r57.pl", received in VirusTotal at 01.22.2007, 09:39:18 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.26 01.22.2007 no virus found
Authentium 4.93.8 01.21.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.22.2007 no virus found
BitDefender 7.2 01.22.2007 no virus found
CAT-QuickHeal 9.00 01.22.2007 no virus found
ClamAV devel-20060426 01.21.2007 no virus found
DrWeb 4.33 01.22.2007 Exploit.phpBB
eSafe 7.0.14.0 01.21.2007 no virus found
eTrust-InoculateIT 23.73.119 01.22.2007 no virus found
eTrust-Vet 30.3.3343 01.22.2007 no virus found
Ewido 4.0 01.21.2007 no virus found
Fortinet 2.82.0.0 01.22.2007 no virus found
F-Prot 3.16f 01.21.2007 no virus found
F-Prot4 4.2.1.29 01.21.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.22.2007 Exploit.Perl.Board.c
McAfee 4943 01.19.2007 Perl/Exploit.gen
Microsoft 1.1904 01.22.2007 no virus found
NOD32v2 1995 01.21.2007 no virus found
Norman 5.80.02 01.22.2007 no virus found
Panda 9.0.0.4 01.21.2007 no virus found
Prevx1 V2 01.22.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.22.2007 no virus found
TheHacker 6.0.3.154 01.22.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.22.2007 no virus found
VirusBuster 4.3.19:9 01.21.2007 no virus found

Aditional Information
File size: 16761 bytes
MD5: 3175fc5b7fea821faf3b620bf15bee33
SHA1: bf9a27982b610fed8c02c45e2c4704f2b8d6fd55

**ISO** · 22.01.2007, 13:33

Complete scanning result of "phpRemoteView.php", received in VirusTotal at 01.22.2007, 09:31:40 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.26 01.22.2007 no virus found
Authentium 4.93.8 01.21.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.22.2007 no virus found
BitDefender 7.2 01.22.2007 no virus found
CAT-QuickHeal 9.00 01.22.2007 no virus found
ClamAV devel-20060426 01.21.2007 no virus found
DrWeb 4.33 01.22.2007 no virus found
eSafe 7.0.14.0 01.21.2007 Win32.Hacktool
eTrust-InoculateIT 23.73.119 01.22.2007 no virus found
eTrust-Vet 30.3.3343 01.22.2007 no virus found
Ewido 4.0 01.21.2007 no virus found
Fortinet 2.82.0.0 01.22.2007 RAT/RemView
F-Prot 3.16f 01.21.2007 no virus found
F-Prot4 4.2.1.29 01.21.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.22.2007 not-a-virus:RemoteAdmin.PHP.RemView.a
McAfee 4943 01.19.2007 no virus found
Microsoft 1.1904 01.22.2007 no virus found
NOD32v2 1995 01.21.2007 PHP/RemoteAdmin.RemView.A
Norman 5.80.02 01.22.2007 no virus found
Panda 9.0.0.4 01.21.2007 no virus found
Prevx1 V2 01.22.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.22.2007 no virus found
TheHacker 6.0.3.154 01.22.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.22.2007 no virus found
VirusBuster 4.3.19:9 01.21.2007 no virus found

Aditional Information
File size: 91159 bytes
MD5: b4a09911a5b23e00b55abe546ded691c
SHA1: 9a5f1bd37fa992b69bbc3f2e8ddfc18cb27c8ea3

**ISO** · 22.01.2007, 19:20

Complete scanning result of "fsb2.exe", received in VirusTotal at 01.22.2007, 17:12:26 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.26 01.22.2007 HEUR/Crypted
Authentium 4.93.8 01.21.2007 no virus found
Avast 4.7.936.0 01.22.2007 no virus found
AVG 386 01.22.2007 no virus found
BitDefender 7.2 01.22.2007 DeepScan:Generic.Dialer.61C27394
CAT-QuickHeal 9.00 01.22.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.22.2007 no virus found
DrWeb 4.33 01.22.2007 no virus found
eSafe 7.0.14.0 01.21.2007 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.119 01.22.2007 no virus found
eTrust-Vet 30.3.3343 01.22.2007 no virus found
Ewido 4.0 01.22.2007 no virus found
Fortinet 2.82.0.0 01.22.2007 suspicious
F-Prot 3.16f 01.21.2007 no virus found
F-Prot4 4.2.1.29 01.21.2007 generic
Ikarus T3.1.0.27 01.22.2007 no virus found
Kaspersky 4.0.2.24 01.22.2007 no virus found
McAfee 4944 01.22.2007 no virus found
Microsoft 1.1904 01.22.2007 no virus found
NOD32v2 1997 01.22.2007 Win32/PSW.LdPinch.BFP
Norman 5.80.02 01.22.2007 no virus found
Panda 9.0.0.4 01.22.2007 Suspicious file
Prevx1 V2 01.22.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.22.2007 VIPRE.Suspicious
TheHacker 6.0.3.154 01.22.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.22.2007 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.19:9 01.22.2007 no virus found

Aditional Information
File size: 36320 bytes
MD5: 902499f4ad65093eaa9ae4fefa115235
SHA1: 87364cc8107af30b2a42ccd3b6565662cf33146b
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**ISO** · 22.01.2007, 19:29

Complete scanning result of "patch.exe", received in VirusTotal at 01.22.2007, 17:23:45 (CET).
Antivirus Version Update Result
AntiVir 7.3.0.26 01.22.2007 no virus found
Authentium 4.93.8 01.21.2007 no virus found
Avast 4.7.936.0 01.22.2007 no virus found
AVG 386 01.22.2007 no virus found
BitDefender 7.2 01.22.2007 BehavesLike:Trojan.ShellObject
CAT-QuickHeal 9.00 01.22.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.22.2007 no virus found
DrWeb 4.33 01.22.2007 Trojan.PWS.Wmsender
eSafe 7.0.14.0 01.21.2007 no virus found
eTrust-InoculateIT 23.73.119 01.22.2007 no virus found
eTrust-Vet 30.3.3343 01.22.2007 no virus found
Ewido 4.0 01.22.2007 no virus found
Fortinet 2.82.0.0 01.22.2007 suspicious
F-Prot 3.16f 01.21.2007 no virus found
F-Prot4 4.2.1.29 01.21.2007 no virus found
Ikarus T3.1.0.27 01.22.2007 no virus found
Kaspersky 4.0.2.24 01.22.2007 no virus found
McAfee 4944 01.22.2007 New Win32.g2
Microsoft 1.1904 01.22.2007 no virus found
NOD32v2 1997 01.22.2007 probably a variant of Win32/TrojanDropper.Small.NCP
Norman 5.80.02 01.22.2007 no virus found
Panda 9.0.0.4 01.22.2007 Suspicious file
Prevx1 V2 01.22.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.22.2007 VIPRE.Suspicious
TheHacker 6.0.3.154 01.22.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.22.2007 Trojan.PWS.Wmsender
VirusBuster 4.3.19:9 01.22.2007 no virus found

Aditional Information
File size: 8704 bytes
MD5: 6573745c6dc2b364977729a3aef35272
SHA1: a30a6de1f2fcdb8ee157c66c0195a585560a76b5
packers: PECRYPT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

**urbanangel** · 23.01.2007, 20:52

Complete scanning result of "Web_Money.exe", received in VirusTotal at 01.23.2007,
18:43:16 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.26 01.23.2007 TR/Drop.Tiny.M.3
Authentium 4.93.8 01.22.2007 no virus found
Avast 4.7.936.0 01.23.2007 no virus found
AVG 386 01.23.2007 no virus found
BitDefender 7.2 01.23.2007 no virus found
CAT-QuickHeal 9.00 01.22.2007 no virus found
ClamAV devel-20060426 01.23.2007 no virus found
DrWeb 4.33 01.23.2007 Trojan.MulDrop.5419
eSafe 7.0.14.0 01.23.2007 Win32.Tiny.m
eTrust-InoculateIT 23.73.120 01.23.2007 no virus found
eTrust-Vet 30.3.3344 01.23.2007 no virus found
Ewido 4.0 01.23.2007 no virus found
Fortinet 2.82.0.0 01.23.2007 no virus found
F-Prot 3.16f 01.22.2007 no virus found
F-Prot4 4.2.1.29 01.22.2007 no virus found
Ikarus T3.1.0.27 01.23.2007 Trojan-Clicker.Win32.NetBuie.H
Kaspersky 4.0.2.24 01.23.2007 Trojan-Dropper.Win32.Tiny.m
McAfee 4947 01.23.2007 no virus found
Microsoft 1.1904 01.23.2007 no virus found
NOD32v2 2000 01.23.2007 no virus found
Norman 5.80.02 01.23.2007 W32/Suspicious_M.gen.dropper
Panda 9.0.0.4 01.23.2007 Suspicious file
Prevx1 V2 01.23.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.22.2007 no virus found
TheHacker 6.0.3.154 01.22.2007 no virus found
UNA 1.83 01.23.2007 no virus found
VBA32 3.11.2 01.23.2007 Trojan.MulDrop.5038
VirusBuster 4.3.19:9 01.23.2007 no virus found

Aditional Information
File size: 552972 bytes
MD5: 34c0a2aade69879dea99a77b41b6a2e7
SHA1: 6205dfebf30757d2bce2d954522d3b1f7a0b3970

**Winsent** · 24.01.2007, 07:51

Complete scanning result of "Lena.scr", received in VirusTotal at 01.24.2007, 05:44:59 (CET).

Antivirus Version Update Result

AntiVir 7.3.0.26 01.23.2007 HEUR/Crypted
Authentium 4.93.8 01.23.2007 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
Avast 4.7.936.0 01.23.2007 Win32dpinch-AH
AVG 386 01.23.2007 no virus found
BitDefender 7.2 01.24.2007 Generic.PWStealer.C5C991E0
CAT-QuickHeal 9.00 01.22.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.23.2007 no virus found
DrWeb 4.33 01.23.2007 MULDROP.PWS.Trojan
eSafe 7.0.14.0 01.23.2007 Win32.LdPinch.bkn
eTrust-InoculateIT 23.73.121 01.24.2007 no virus found
eTrust-Vet 30.3.3346 01.23.2007 no virus found
Ewido 4.0 01.23.2007 Trojan.LdPinch.bkn
Fortinet 2.85.0.0 01.24.2007 no virus found
F-Prot 3.16f 01.23.2007 Possibly a new variant of W32/HLLI-MewOrleans-based!Maximus
F-Prot4 4.2.1.29 01.23.2007 W32/HLLI-MewOrleans-based!Maximus
Ikarus T3.1.0.27 01.24.2007 IM-Worm.Win32.Sumom.C
Kaspersky 4.0.2.24 01.24.2007 Trojan-PSW.Win32.LdPinch.bkn
McAfee 4947 01.23.2007 no virus found
Microsoft 1.1904 01.24.2007 Win32/Ldpinch
NOD32v2 2001 01.24.2007 probably a variant of Win32/PSW.LdPinch
Norman 5.80.02 01.23.2007 W32/Suspicious_M.gen
Panda 9.0.0.4 01.24.2007 no virus found
Prevx1 V2 01.24.2007 no virus found
Sophos 4.13.0 01.24.2007 Mal/Packer
Sunbelt 2.2.907.0 01.22.2007 VIPRE.Suspicious
TheHacker 6.0.3.155 01.24.2007 Trojan/PSW.LdPinch.bkn
UNA 1.83 01.23.2007 no virus found
VBA32 3.11.2 01.23.2007 MalwareScope.Trojan-PSW.Pinch.1
VirusBuster 4.3.19:9 01.23.2007 novirusacked/MEW

Aditional Information
File size: 51181 bytes
MD5: 8733b36ec7c5e66544350599277d942b
SHA1: 791f43d2dd8a1f05a779b031841905a46e443724
packers: MEW
packers: MEW
packers: MEW
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Исследование антивирусов 5

Опции темы

Исследование антивирусов 5

Похожие темы

Исследование антивирусов 7

Исследование антивирусов 6

Исследование антивирусов 4

Исследование антивирусов 3

Исследование антивирусов 2

Ваши права в разделе