Malekal's forum

[Malekal_morte]

Ajoute la ligne suivante sur HijackThis :

O4 - HKLM\..\Run: [Windows Anti Virus Control Center] avrscan.exe

Lié aux infections MSN "Picture can not be displayed" : viewtopic.php?f=57&t=11682

Complete scanning result of "triad.exe", processed in VirusTotal at 06/29/2008 12:00:21 (CET).

[ file data ]
* name..: triad.exe
* size..: 39503
* md5...: be6fafa1ed219cada4e773f9974051f7
* sha1..: 2ceb96a021ea79d6f03bfdebe8b195fa1df69d15
* peid..: Armadillo v1.71

[ scan result ]
AhnLab-V3 2008.6.27.1/20080627 found nothing
AntiVir 7.8.0.59/20080628 found [TR/Drop.SCD]
Authentium 5.1.0.4/20080629 found nothing
Avast 4.8.1195.0/20080628 found [Win32:Trojan-gen {Other}]
AVG 7.5.0.516/20080629 found [Dropper.Generic.ZEO]
BitDefender 7.2/20080629 found [Trojan.Dropper.SCD]
CAT-QuickHeal 9.50/20080628 found nothing
ClamAV 0.93.1/20080628 found nothing
DrWeb 4.44.0.09170/20080628 found [BackDoor.IRC.Sdbot.3713]
eSafe 7.0.17.0/20080626 found nothing
eTrust-Vet 31.6.5911/20080627 found nothing
Ewido 4.0/20080627 found nothing
F-Prot 4.4.4.56/20080629 found nothing
F-Secure 7.60.13501.0/20080626 found nothing
Fortinet 3.14.0.0/20080629 found nothing
GData 2.0.7306.1023/20080629 found [Win32:Trojan-gen ]
Ikarus T3.1.1.26.0/20080629 found [VirTool.Win32.Injector.b]
Kaspersky 7.0.0.125/20080629 found nothing
McAfee 5327/20080627 found nothing
Microsoft 1.3704/20080629 found [VirTool:Win32/Injector.gen!B]
NOD32v2 3225/20080629 found [Win32/Injector.BC]
Norman 5.80.02/20080627 found nothing
Panda 9.0.0.4/20080628 found nothing
Prevx1 V2/20080629 found nothing
Rising 20.50.62.00/20080629 found nothing
Sophos 4.30.0/20080629 found nothing
Sunbelt 3.0.1176.1/20080626 found nothing
Symantec 10/20080629 found nothing
TheHacker 6.2.96.364/20080628 found nothing
TrendMicro 8.700.0.1004/20080627 found nothing
VBA32 3.12.6.8/20080629 found nothing
VirusBuster 4.5.11.0/20080623 found nothing
Webwasher-Gateway 6.6.2/20080629 found [Trojan.Drop.SCD]

Kaspersky le détecte en Trojan-Dropper.Win32.Agent.tks

Hello,

triad.exe_ - Trojan-Dropper.Win32.Agent.tks

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

[Malekal_morte]

Ajoute la ligne suivante sur HijackThis :

O4 - HKLM\..\Run: [Windows Services] avsrv32.exe

Complete scanning result of "h1t3m.exe", processed in VirusTotal at 07/01/2008 13:47:39 (CET).

[ file data ]
* name..: h1t3m.exe
* size..: 47979
* md5...: 0e19c1e21bc2b4f38fcfc0975db5d4c4
* sha1..: a0def8f6e85d8a3a4a4d6b743c25789ae77a555b
* peid..: Armadillo v1.71

[ scan result ]
AhnLab-V3 2008.7.1.0/20080701 found nothing
AntiVir 7.8.0.59/20080701 found nothing
Authentium 5.1.0.4/20080701 found nothing
Avast 4.8.1195.0/20080630 found [Win32:Trojan-gen {Other}]
AVG 7.5.0.516/20080701 found nothing
BitDefender 7.2/20080701 found nothing
CAT-QuickHeal 9.50/20080630 found nothing
ClamAV 0.93.1/20080701 found nothing
DrWeb 4.44.0.09170/20080701 found nothing
eSafe 7.0.17.0/20080630 found nothing
eTrust-Vet 31.6.5916/20080701 found nothing
Ewido 4.0/20080627 found nothing
F-Prot 4.4.4.56/20080701 found nothing
F-Secure 7.60.13501.0/20080701 found nothing
Fortinet 3.14.0.0/20080701 found nothing
GData 2.0.7306.1023/20080701 found [Win32:Trojan-gen ]
Ikarus T3.1.1.26.0/20080701 found [VirTool.Win32.Injector.b]
Kaspersky 7.0.0.125/20080701 found nothing
McAfee 5328/20080630 found nothing
Microsoft 1.3704/20080701 found [VirTool:Win32/Injector.gen!B]
NOD32v2 3231/20080701 found nothing
Norman 5.80.02/20080630 found nothing
Panda 9.0.0.4/20080701 found nothing
Prevx1 V2/20080701 found nothing
Rising 20.51.12.00/20080701 found nothing
Sophos 4.30.0/20080701 found nothing
Sunbelt 3.1.1509.1/20080701 found nothing
Symantec 10/20080701 found [Trojan.Dropper]
TheHacker 6.2.96.365/20080701 found nothing
TrendMicro 8.700.0.1004/20080701 found nothing
VBA32 3.12.6.8/20080630 found nothing
VirusBuster 4.5.11.0/20080630 found nothing
Webwasher-Gateway 6.6.2/20080701 found nothing

[Malekal_morte]

Ajoute les lignes suivantes sur HijackThis :

O4 - HKLM\..\Run: [Windows Networking Monitor] C:\WINDOWS\system32\mdm.exe
O4 - HKLM\..\Run: [Windows Networking Monitorin] C:\WINDOWS\system32\xmdmx.exe

Fichier 76154_582856_mumie.exe reçu le 2008.07.02 01:33:36 (CET)
Situation actuelle: terminé
Résultat: 4/32 (12.50%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - TR/Dropper.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Suspicious:W32/Malware!Gemini
Fortinet - - -
GData - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - VirTool:Win32/Injector.gen!H
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Dropper.Gen
Information additionnelle
MD5: e44c31afa8af2e4e787788fa556ab29f
SHA1: 740ca1631c7100d15caf728f3cf85f1fa44456a0

Complete scanning result of "mumie2.exe", processed in VirusTotal at 07/02/2008 01:33:34 (CET).

[ file data ]
* name..: mumie2.exe
* size..: 20622
* md5...: ec94a4851038c8ff2c7e74fcbf5152e5
* sha1..: 7d0fef5c814c0fc46cf2418d8e636652f5098149
* peid..: -

[ scan result ]
AhnLab-V3 2008.7.2.0/20080701 found nothing
AntiVir 7.8.0.59/20080701 found nothing
Authentium 5.1.0.4/20080701 found nothing
Avast 4.8.1195.0/20080701 found nothing
AVG 7.5.0.516/20080701 found nothing
BitDefender 7.2/20080702 found nothing
CAT-QuickHeal 9.50/20080630 found nothing
ClamAV 0.93.1/20080702 found nothing
DrWeb 4.44.0.09170/20080701 found nothing
eSafe 7.0.17.0/20080701 found nothing
eTrust-Vet 31.6.5917/20080701 found nothing
Ewido 4.0/20080701 found nothing
F-Prot 4.4.4.56/20080701 found nothing
F-Secure 7.60.13501.0/20080701 found [Suspicious:W32/Malware!Gemini]
Fortinet 3.14.0.0/20080701 found nothing
GData 2.0.7306.1023/20080701 found nothing
Ikarus T3.1.1.26.0/20080701 found nothing
Kaspersky 7.0.0.125/20080702 found nothing
McAfee 5329/20080701 found nothing
Microsoft 1.3704/20080702 found [VirTool:Win32/Injector.gen!H]
NOD32v2 3233/20080701 found nothing
Norman 5.80.02/20080701 found nothing
Panda 9.0.0.4/20080701 found nothing
Prevx1 V2/20080702 found nothing
Rising 20.51.12.00/20080701 found nothing
Sophos 4.30.0/20080701 found nothing
Sunbelt 3.1.1509.1/20080701 found nothing
TheHacker 6.2.96.365/20080701 found nothing
TrendMicro 8.700.0.1004/20080701 found nothing
VBA32 3.12.6.8/20080701 found nothing
VirusBuster 4.5.11.0/20080701 found nothing
Webwasher-Gateway 6.6.2/20080701 found nothing

[Malekal_morte]

Fichier 76154_62949_ju.jpg reçu le 2008.07.02 00:12:01 (CET)
Situation actuelle: terminé
Résultat: 3/33 (9.09%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.2.0 2008.07.01 -
AntiVir 7.8.0.59 2008.07.01 -
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.07.01 -
AVG 7.5.0.516 2008.07.01 -
BitDefender 7.2 2008.07.01 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.01 -
DrWeb 4.44.0.09170 2008.07.01 -
eSafe 7.0.17.0 2008.07.01 -
eTrust-Vet 31.6.5917 2008.07.01 -
Ewido 4.0 2008.07.01 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.07.01 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.01 -
GData 2.0.7306.1023 2008.07.01 -
Ikarus T3.1.1.26.0 2008.07.01 -
Kaspersky 7.0.0.125 2008.07.01 -
McAfee 5329 2008.07.01 -
Microsoft 1.3704 2008.07.02 VirTool:Win32/Injector.gen!H
NOD32v2 3233 2008.07.01 -
Norman 5.80.02 2008.07.01 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.02 Malicious Software
Rising 20.51.12.00 2008.07.01 -
Sophos 4.30.0 2008.07.01 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.01 -
TheHacker 6.2.96.365 2008.07.01 -
TrendMicro 8.700.0.1004 2008.07.01 -
VBA32 3.12.6.8 2008.07.01 -
VirusBuster 4.5.11.0 2008.07.01 -
Webwasher-Gateway 6.6.2 2008.07.01 -
Information additionnelle
File size: 20622 bytes
MD5...: 44b4692bb791d456775624fe76313bf7
SHA1..: 92116fc2e42b594ec2244e69b51bf22d41e29518

Kaspersky :

Hello,

ju.jpg_ - Backdoor.Win32.IRCBot.dwc

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

Avira a tjrs du mal à intégrer certaines variantes...... :

File ID Filename Size (Byte) Result
25063473 ju.jpg 20.14 KB CLEAN


Please find a detailed report concerning each individual sample below:

Filename Result
ju.jpg CLEAN

The file 'ju.jpg' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

[Malekal_morte]

Evolution des détections.
Rappel, la majorité des fichiers sont originaires de ce botnet : Virus MSN : Picture can not be displayed

9/33 --> 16/33 (48.49%) en 3 jours.


Fichier triad.exe reçu le 2008.07.02 11:40:28 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 16/33 (48.49%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.2.0 2008.07.02 -
AntiVir 7.8.0.59 2008.07.02 TR/Drop.SCD
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.07.01 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.07.01 Dropper.Generic.ZEO
BitDefender 7.2 2008.07.02 Trojan.Dropper.SCD
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.02 -
DrWeb 4.44.0.09170 2008.07.02 BackDoor.IRC.Sdbot.3713
eSafe 7.0.17.0 2008.07.01 Win32.Agent.tks
eTrust-Vet 31.6.5920 2008.07.02 -
Ewido 4.0 2008.07.01 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.07.01 Trojan-Dropper.Win32.Agent.tks
Fortinet 3.14.0.0 2008.07.02 PossibleThreat
GData 2.0.7306.1023 2008.07.02 Trojan-Dropper.Win32.Agent.tks
Ikarus T3.1.1.26.0 2008.07.02 VirTool.Win32.Injector.b
Kaspersky 7.0.0.125 2008.07.02 Trojan-Dropper.Win32.Agent.tks
McAfee 5329 2008.07.01 -
Microsoft None 2008.07.02 -
NOD32v2 3234 2008.07.02 Win32/Injector.BC
Norman 5.80.02 2008.07.01 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.02 -
Rising 20.51.21.00 2008.07.02 -
Sophos 4.30.0 2008.07.02 -
Sunbelt 3.1.1509.1 2008.07.01 Trojan-Dropper.SCD
Symantec 10 2008.07.02 Trojan.Dropper
TheHacker 6.2.96.366 2008.07.02 -
TrendMicro 8.700.0.1004 2008.07.02 -
VBA32 3.12.6.8 2008.07.02 Malware-Tool.Win32.Injector
VirusBuster 4.5.11.0 2008.07.01 -
Webwasher-Gateway 6.6.2 2008.07.02 Trojan.Drop.SCD
Information additionnelle
File size: 39503 bytes
MD5...: be6fafa1ed219cada4e773f9974051f7
SHA1..: 2ceb96a021ea79d6f03bfdebe8b195fa1df69d15

5/33 --> 8/33 en 1 jour.

Fichier h1t3m.exe reçu le 2008.07.02 11:40:05 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 8/33 (24.25%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.2.0 2008.07.02 -
AntiVir 7.8.0.59 2008.07.02 TR/Agent.sxa
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.07.01 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.07.01 -
BitDefender 7.2 2008.07.02 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.02 -
DrWeb 4.44.0.09170 2008.07.02 -
eSafe 7.0.17.0 2008.07.01 -
eTrust-Vet 31.6.5920 2008.07.02 -
Ewido 4.0 2008.07.01 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.07.01 -
Fortinet 3.14.0.0 2008.07.02 -
GData 2.0.7306.1023 2008.07.02 Trojan.Win32.Agent.sxa
Ikarus T3.1.1.26.0 2008.07.02 VirTool.Win32.Injector.b
Kaspersky 7.0.0.125 2008.07.02 Trojan.Win32.Agent.sxa
McAfee 5329 2008.07.01 -
Microsoft None 2008.07.02 -
NOD32v2 3234 2008.07.02 Win32/IRCBot.AIL
Norman 5.80.02 2008.07.01 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.02 -
Rising 20.51.21.00 2008.07.02 -
Sophos 4.30.0 2008.07.02 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.02 Trojan.Dropper
TheHacker 6.2.96.366 2008.07.02 -
TrendMicro 8.700.0.1004 2008.07.02 -
VBA32 3.12.6.8 2008.07.02 -
VirusBuster 4.5.11.0 2008.07.01 -
Webwasher-Gateway 6.6.2 2008.07.02 Trojan.Agent.sxa
Information additionnelle
File size: 47979 bytes
MD5...: 0e19c1e21bc2b4f38fcfc0975db5d4c4
SHA1..: a0def8f6e85d8a3a4a4d6b743c25789ae77a555b

2/33 --> 6/33 en 10h environ

Fichier mumie.exe reçu le 2008.07.02 11:40:40 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 6/33 (18.19%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.2.0 2008.07.02 -
AntiVir 7.8.0.59 2008.07.02 TR/Dropper.Gen
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.07.01 -
AVG 7.5.0.516 2008.07.01 -
BitDefender 7.2 2008.07.02 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.02 -
DrWeb 4.44.0.09170 2008.07.02 -
eSafe 7.0.17.0 2008.07.01 -
eTrust-Vet 31.6.5920 2008.07.02 -
Ewido 4.0 2008.07.01 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.07.01 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.02 -
GData 2.0.7306.1023 2008.07.02 Backdoor.Win32.IRCBot.dwa
Ikarus T3.1.1.26.0 2008.07.02 Trojan-Dropper
Kaspersky 7.0.0.125 2008.07.02 Backdoor.Win32.IRCBot.dwa
McAfee 5329 2008.07.01 -
Microsoft None 2008.07.02 -
NOD32v2 3234 2008.07.02 -
Norman 5.80.02 2008.07.01 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.02 -
Rising 20.51.21.00 2008.07.02 -
Sophos 4.30.0 2008.07.02 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.02 -
TheHacker 6.2.96.366 2008.07.02 -
TrendMicro 8.700.0.1004 2008.07.02 -
VBA32 3.12.6.8 2008.07.02 -
VirusBuster 4.5.11.0 2008.07.01 -
Webwasher-Gateway 6.6.2 2008.07.02 Trojan.Dropper.Gen
Information additionnelle
File size: 22350 bytes
MD5...: e44c31afa8af2e4e787788fa556ab29f
SHA1..: 740ca1631c7100d15caf728f3cf85f1fa44456a0

2/33 --> 4/33 en 10h environ

Fichier mumie2.exe reçu le 2008.07.02 11:40:56 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 4/33 (12.13%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.2.0 2008.07.02 -
AntiVir 7.8.0.59 2008.07.02 -
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.07.01 -
AVG 7.5.0.516 2008.07.01 -
BitDefender 7.2 2008.07.02 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.02 -
DrWeb 4.44.0.09170 2008.07.02 -
eSafe 7.0.17.0 2008.07.01 -
eTrust-Vet 31.6.5920 2008.07.02 -
Ewido 4.0 2008.07.01 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.07.01 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.02 -
GData 2.0.7306.1023 2008.07.02 Backdoor.Win32.IRCBot.dwb
Ikarus T3.1.1.26.0 2008.07.02 VirTool.Win32.Injector.H
Kaspersky 7.0.0.125 2008.07.02 Backdoor.Win32.IRCBot.dwb
McAfee 5329 2008.07.01 -
Microsoft None 2008.07.02 -
NOD32v2 3234 2008.07.02 -
Norman 5.80.02 2008.07.01 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.02 -
Rising 20.51.21.00 2008.07.02 -
Sophos 4.30.0 2008.07.02 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.02 -
TheHacker 6.2.96.366 2008.07.02 -
TrendMicro 8.700.0.1004 2008.07.02 -
VBA32 3.12.6.8 2008.07.02 -
VirusBuster 4.5.11.0 2008.07.01 -
Webwasher-Gateway 6.6.2 2008.07.02 -
Information additionnelle
File size: 20622 bytes
MD5...: ec94a4851038c8ff2c7e74fcbf5152e5
SHA1..: 7d0fef5c814c0fc46cf2418d8e636652f5098149

3/33 --> 5/33 (15.16%)

Fichier ju.jpg reçu le 2008.07.02 11:48:09 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 5/33 (15.16%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.2.0 2008.07.01 -
AntiVir 7.8.0.59 2008.07.02 -
Authentium 5.1.0.4 2008.07.01 -
Avast 4.8.1195.0 2008.07.01 -
AVG 7.5.0.516 2008.07.01 -
BitDefender 7.2 2008.07.02 -
CAT-QuickHeal 9.50 2008.06.30 -
ClamAV 0.93.1 2008.07.02 -
DrWeb 4.44.0.09170 2008.07.02 -
eSafe 7.0.17.0 2008.07.01 -
eTrust-Vet 31.6.5920 2008.07.02 -
Ewido 4.0 2008.07.01 -
F-Prot 4.4.4.56 2008.07.01 -
F-Secure 7.60.13501.0 2008.07.01 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.02 -
GData 2.0.7306.1023 2008.07.02 Backdoor.Win32.IRCBot.dwc
Ikarus T3.1.1.26.0 2008.07.02 VirTool.Win32.Injector.H
Kaspersky 7.0.0.125 2008.07.02 Backdoor.Win32.IRCBot.dwc
McAfee 5329 2008.07.01 -
Microsoft None 2008.07.02 -
NOD32v2 3234 2008.07.02 -
Norman 5.80.02 2008.07.01 -
Panda 9.0.0.4 2008.07.01 -
Prevx1 V2 2008.07.02 Malicious Software
Rising 20.51.21.00 2008.07.02 -
Sophos 4.30.0 2008.07.02 -
Sunbelt 3.1.1509.1 2008.07.01 -
Symantec 10 2008.07.02 -
TheHacker 6.2.96.366 2008.07.02 -
TrendMicro 8.700.0.1004 2008.07.02 -
VBA32 3.12.6.8 2008.07.02 -
VirusBuster 4.5.11.0 2008.07.01 -
Webwasher-Gateway 6.6.2 2008.07.02 -
Information additionnelle
File size: 20622 bytes
MD5...: 44b4692bb791d456775624fe76313bf7
SHA1..: 92116fc2e42b594ec2244e69b51bf22d41e29518

On voit que Kaspersky est le plus rapide de tous avec Antivir derrière.
Kaspersky a un service 24/24 7/7, Antivir horraires de bureau, il est 12h, ils ont commencé à intégrer de nouvelles menaces qu'à partir de 8h30 d'où le retard sur Kasperspky.

Les autres antivirus sont quand mêmes loin derrière.
Chose qui avait été déjà constaté depuis longtemps dans cette section.
Dans la partie Virus MSN : viewforum.php?f=57
avec d'ancienne infections MSN :
viewtopic.php?f=57&t=8742
viewtopic.php?f=57&t=7527
et tout au long des divers scans VirusTotal donnés sur ce forum.


Note pour Avast!, il y a des détections génériques Win32:Trojan-gen {Other} ce qu'on ne voyait pas avant, il y a un an. La détection génériques est donc bien mises à jour, ce qui n'était pas le cas avant.
A terme et on l'espère Avast! rattrapera peut-être son retard pour une meilleur performance de détection mais il y a encore beaucoup de retard et de travail.

[Malekal_morte]

Antivir a ajouté le second mumie en TR/Dropper.Gen

The file 'mumie2.exe' has been determined to be 'MALWARE'. Our analysts named the threat Worm/IrcBot.20622. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.).Detection is added to our virus definition file (VDF) starting with version 7.00.05.35.

Filename Result
mumie.exe MALWARE

The file 'mumie.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.This malware is detected by a special detection routine from the engine module.

[Malekal_morte]

Complete scanning result of "resimler.php", processed in VirusTotal at 07/07/2008 13:04:57 (CET).

[ file data ]
* name: resimler.php
* size: 73728
* md5.: a768bc16b36bae640374a52f15c47037
* sha1: 9599ca1a1c8d9bfd46522fa5c5d5fa53ab191d3f
* peid..: -

[ scan result ]
AhnLab-V3 2008.7.4.1/20080707 found nothing
AntiVir 7.8.0.64/20080707 found nothing
Authentium 5.1.0.4/20080706 found nothing
Avast 4.8.1195.0/20080706 found nothing
AVG 7.5.0.516/20080707 found [Generic10.AXPL]
BitDefender 7.2/20080707 found [Trojan.Delf.Inject.E]
CAT-QuickHeal 9.50/20080704 found nothing
ClamAV 0.93.1/20080707 found nothing
DrWeb 4.44.0.09170/20080707 found nothing
eSafe 7.0.17.0/20080703 found nothing
eTrust-Vet 31.6.5934/20080707 found nothing
Ewido 4.0/20080707 found nothing
F-Prot 4.4.4.56/20080706 found nothing
F-Secure 7.60.13501.0/20080703 found nothing
Fortinet 3.14.0.0/20080707 found nothing
GData 2.0.7306.1023/20080707 found [Trojan.Win32.Crypt.ef]
Ikarus T3.1.1.26/20080707 found [Trojan.Delf.Inject.E]
Kaspersky 7.0.0.125/20080707 found [Trojan.Win32.Crypt.ef]
McAfee 5332/20080704 found nothing
Microsoft 1.3704/20080707 found [Worm:Win32/Pushbot.gen]
NOD32v2 3246/20080707 found [IRC/SdBot]
Norman 5.80.02/20080704 found nothing
Panda 9.0.0.4/20080706 found [Suspicious file]
Prevx1 V2/20080707 found nothing
Rising 20.51.60.00/20080706 found nothing
Sophos 4.31.0/20080707 found [Troj/KCryDr-A]
Sunbelt 3.1.1509.1/20080704 found nothing
Symantec 10/20080707 found nothing
TheHacker 6.2.96.374/20080707 found nothing
TrendMicro 8.700.0.1004/20080707 found nothing
VBA32 3.12.6.8/20080706 found [Trojan.Win32.Buzus.ktv]
VirusBuster 4.5.11.0/20080706 found nothing
Webwasher-Gateway 6.6.2/20080707 found nothing

[Malekal_morte]

Fichier sysregi.exe reçu le 2008.07.08 23:14:30 (CET)
Situation actuelle: terminé
Résultat: 8/33 (24.24%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.9.0 2008.07.08 -
AntiVir 7.8.0.64 2008.07.08 -
Authentium 5.1.0.4 2008.07.08 W32/Heuristic-KPP!Eldorado
Avast 4.8.1195.0 2008.07.08 -
AVG 7.5.0.516 2008.07.08 -
BitDefender 7.2 2008.07.08 -
CAT-QuickHeal 9.50 2008.07.08 -
ClamAV 0.93.1 2008.07.08 -
DrWeb 4.44.0.09170 2008.07.08 -
eSafe 7.0.17.0 2008.07.08 -
eTrust-Vet 31.6.5937 2008.07.08 -
Ewido 4.0 2008.07.08 -
F-Prot 4.4.4.56 2008.07.08 W32/DelfInject.A.gen!Eldorado
F-Secure 7.60.13501.0 2008.07.08 -
Fortinet 3.14.0.0 2008.07.08 -
GData 2.0.7306.1023 2008.07.08 -
Ikarus T3.1.1.26.0 2008.07.08 VirTool.Win32.DelfInject.T
Kaspersky 7.0.0.125 2008.07.08 -
McAfee 5334 2008.07.08 -
Microsoft 1.3704 2008.07.08 VirTool:Win32/DelfInject.gen!T
NOD32v2 3252 2008.07.08 Win32/Rbot
Norman 5.80.02 2008.07.08 -
Panda 9.0.0.4 2008.07.08 -
Prevx1 V2 2008.07.08 Suspicious
Rising 20.52.12.00 2008.07.08 -
Sophos 4.31.0 2008.07.08 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.08 -
TheHacker 6.2.96.374 2008.07.07 Trojan/Inject.gen
TrendMicro 8.700.0.1004 2008.07.08 -
VBA32 3.12.6.8 2008.07.08 -
VirusBuster 4.5.11.0 2008.07.08 -
Webwasher-Gateway 6.6.2 2008.07.08 Win32.Malware.gen!90 (suspicious)
Information additionnelle
File size: 174592 bytes
MD5...: ecce9c8cb4db7a8d0f7df9777fd3f59f
SHA1..: f02140fb076d9fe566a4e13dcdeb1aa34cbe8002
SHA256: