Still very active...
1256584681.940 1626 192.168.1.63 TCP_MISS/200 37151 GET http://bro-gals.com//getexe.php?spl=mdac - DIRECT/188.130.176.246 application/octet-stream
Detection of the initial dropper:
File load_13_.exe received on 2009.10.26 17:41:29 (UTC)
Result: 11/41 (26.83%)
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.26 Trojan.Crypt!IK
AhnLab-V3 5.0.0.2 2009.10.26 -
AntiVir 7.9.1.44 2009.10.26 TR/Crypt.FKM.Gen
Antiy-AVL 2.0.3.7 2009.10.26 -
Authentium 5.1.2.4 2009.10.26 -
Avast 4.8.1351.0 2009.10.25 -
AVG 8.5.0.423 2009.10.26 -
BitDefender 7.2 2009.10.26 -
CAT-QuickHeal 10.00 2009.10.26 -
ClamAV 0.94.1 2009.10.26 -
Comodo 2740 2009.10.26 -
DrWeb 5.0.0.12182 2009.10.26 -
eSafe 7.0.17.0 2009.10.25 Suspicious File
eTrust-Vet 35.1.7083 2009.10.26 -
F-Prot 4.5.1.85 2009.10.26 -
F-Secure 9.0.15370.0 2009.10.22 Suspicious:W32/Malware!Gemini
Fortinet 3.120.0.0 2009.10.26 -
GData 19 2009.10.26 -
Ikarus T3.1.1.72.0 2009.10.26 Trojan.Crypt
Jiangmin 11.0.800 2009.10.26 -
K7AntiVirus 7.10.879 2009.10.24 -
Kaspersky 7.0.0.125 2009.10.26 -
McAfee 5782 2009.10.25 Suspect-02!87E5CB8DC496
McAfee+Artemis 5782 2009.10.25 Suspect-02!87E5CB8DC496
McAfee-GW-Edition 6.8.5 2009.10.26 Heuristic.LooksLike.Win32.Suspicious.A
Microsoft 1.5202 2009.10.26 -
NOD32 4544 2009.10.26 -
Norman 6.03.02 2009.10.26 -
nProtect 2009.1.8.0 2009.10.26 -
Panda 10.0.2.2 2009.10.26 Suspicious file
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.26 -
Rising 21.53.04.00 2009.10.26 -
Sophos 4.46.0 2009.10.26 Mal/Behav-210
Sunbelt 3.2.1858.2 2009.10.26 -
Symantec 1.4.4.12 2009.10.26 Downloader
TheHacker 6.5.0.2.053 2009.10.24 -
TrendMicro 8.950.0.1094 2009.10.26 -
VBA32 3.12.10.11 2009.10.23 -
ViRobot 2009.10.26.2005 2009.10.26 -
VirusBuster 4.6.5.0 2009.10.26 -
Additional information
File size: 36864 bytes
MD5...: 87e5cb8dc49674e649ea15095dbb77d8
SHA1..: e93265a03f1db419c52bbecfd0c6bb234f4182d6
The HijackThis lines related to the infection:
O4 - HKLM\..\Run: [15585630] C:\DOCUME~1\ALLUSE~1\APPLIC~1\15585630\15585630.exe
O4 - HKCU\..\Run: [mscj.exe] C:\Documents and Settings\Malekal_morte\Application Data\MSA\mscj.exe
O4 - HKCU\..\Run: [fff.exe] C:\Documents and Settings\Malekal_morte\Application Data\MSA\fff.exe
O4 - HKCU\..\Run: [w2_0.exe] C:\Documents and Settings\Malekal_morte\Application Data\MSA\w2_0.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\15585630\15585630.exe = the Security Tools rogue
File 15585630.exe received on 2009.10.26 17:56:12 (UTC)
Result: 18/41 (43.91%)
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.26 -
AhnLab-V3 5.0.0.2 2009.10.26 -
AntiVir 7.9.1.44 2009.10.26 TR/PCK.Krap.X.404
Antiy-AVL 2.0.3.7 2009.10.26 -
Authentium 5.1.2.4 2009.10.26 -
Avast 4.8.1351.0 2009.10.25 Win32:MalOb-Z
AVG 8.5.0.423 2009.10.26 Generic15.OBH
BitDefender 7.2 2009.10.26 -
CAT-QuickHeal 10.00 2009.10.26 -
ClamAV 0.94.1 2009.10.26 -
Comodo 2740 2009.10.26 -
DrWeb 5.0.0.12182 2009.10.26 Trojan.Packed.10700
eSafe 7.0.17.0 2009.10.25 -
eTrust-Vet 35.1.7083 2009.10.26 Win32/RogueSecurity!generic
F-Prot 4.5.1.85 2009.10.26 W32/FakeAlert.DR.gen!Eldorado
F-Secure 9.0.15370.0 2009.10.22 -
Fortinet 3.120.0.0 2009.10.26 -
GData 19 2009.10.26 Win32:MalOb-Z
Ikarus T3.1.1.72.0 2009.10.26 -
Jiangmin 11.0.800 2009.10.26 -
K7AntiVirus 7.10.879 2009.10.24 -
Kaspersky 7.0.0.125 2009.10.26 Packed.Win32.Krap.x
McAfee 5782 2009.10.25 FakeAlert-DZ
McAfee+Artemis 5782 2009.10.25 FakeAlert-DZ
McAfee-GW-Edition 6.8.5 2009.10.26 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.5202 2009.10.26 Trojan:Win32/Winwebsec
NOD32 4544 2009.10.26 -
Norman 6.03.02 2009.10.26 W32/Crypt.LDD
nProtect 2009.1.8.0 2009.10.26 -
Panda 10.0.2.2 2009.10.26 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.26 Medium Risk Malware
Rising 21.53.04.00 2009.10.26 -
Sophos 4.46.0 2009.10.26 Mal/FakeAV-AD
Sunbelt 3.2.1858.2 2009.10.26 FraudTool.Win32.RogueSecurity (v)
Symantec 1.4.4.12 2009.10.26 Trojan.FakeAV!gen6
TheHacker 6.5.0.2.053 2009.10.24 -
TrendMicro 8.950.0.1094 2009.10.26 Mal_FakeAV-17
VBA32 3.12.10.11 2009.10.23 -
ViRobot 2009.10.26.2005 2009.10.26 -
VirusBuster 4.6.5.0 2009.10.26 -
Additional information
File size: 1051682 bytes
MD5...: 724860c9e424a2c7d9f4462295b460f5
SHA1..: a71441c5e8443762db20b48af973e5cd0e4b73d4
SHA256: 8bda77cdabab463337845857a0f082f4b477eef54682af46afb8d445ceeee711
ssdeep: 24576:IhNLbNaPAtgxaEp6nrqv4B1S5td7JDpjuWp:Ih25M1rqv4rS5tlXuA
The other lines were other malware, notably Trojan.Clicker samples that connect to many sites, pornographic ones in particular, in the background:
File fff.exe received on 2009.10.21 00:52:21 (UTC)
Result: 26/41 (63.41%)
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.20 Trojan-Downloader.Win32.FakeMSA!IK
AhnLab-V3 5.0.0.2 2009.10.20 Win-Trojan/Xema.variant
AntiVir 7.9.1.35 2009.10.20 TR/Crypt.XPACK.Gen
Antiy-AVL 2.0.3.7 2009.10.20 -
Authentium 5.1.2.4 2009.10.21 W32/Agent.ICR
Avast 4.8.1351.0 2009.10.20 Win32:Trojan-gen
AVG 8.5.0.420 2009.10.20 Generic14.AJPC
BitDefender 7.2 2009.10.21 Trojan.Generic.2509678
CAT-QuickHeal 10.00 2009.10.20 Trojan.Agent.ATV
ClamAV 0.94.1 2009.10.20 -
Comodo 2672 2009.10.21 TrojWare.Win32.Downloader.VB.~AQ
DrWeb 5.0.0.12182 2009.10.21 -
eSafe 7.0.17.0 2009.10.19 Suspicious File
eTrust-Vet 35.1.7075 2009.10.19 Win32/FakeMSA.I
F-Prot 4.5.1.85 2009.10.20 W32/Agent.ICR
F-Secure 9.0.15300.0 2009.10.20 Trojan.Generic.2509678
Fortinet 3.120.0.0 2009.10.20 PossibleThreat
GData 19 2009.10.21 Trojan.Generic.2509678
Ikarus T3.1.1.72.0 2009.10.20 Trojan-Downloader.Win32.FakeMSA
Jiangmin 11.0.800 2009.10.20 -
K7AntiVirus 7.10.875 2009.10.20 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.10.21 -
McAfee 5777 2009.10.20 Generic.dx!fgy
McAfee+Artemis 5777 2009.10.20 Generic.dx!fgy
McAfee-GW-Edition 6.8.5 2009.10.20 Trojan.Crypt.XPACK.Gen
Microsoft 1.5101 2009.10.20 -
NOD32 4527 2009.10.20 Win32/PSW.VB.NDH
Norman 6.03.02 2009.10.20 W32/Smalltroj.RMGE
nProtect 2009.1.8.0 2009.10.20 -
Panda 10.0.2.2 2009.10.20 Suspicious file
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.21 Medium Risk Malware
Rising 21.52.14.00 2009.10.20 -
Sophos 4.46.0 2009.10.21 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.10.20 -
Symantec 1.4.4.12 2009.10.21 Trojan Horse
TheHacker 6.5.0.2.049 2009.10.20 -
TrendMicro 8.950.0.1094 2009.10.20 -
VBA32 3.12.10.11 2009.10.20 -
ViRobot 2009.10.20.1996 2009.10.20 -
VirusBuster 4.6.5.0 2009.10.20 -
Additional information
File size: 24576 bytes
MD5 : 231142fce0a48428bbb30c786a23d2fa
SHA1 : 3a475ad989f107b9484a6254b9d1515a7a45475e
File w2_0.exe received on 2009.10.26 17:54:11 (UTC)
Result: 2/41 (4.88%)
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.26 -
AhnLab-V3 5.0.0.2 2009.10.26 -
AntiVir 7.9.1.44 2009.10.26 -
Antiy-AVL 2.0.3.7 2009.10.26 -
Authentium 5.1.2.4 2009.10.26 -
Avast 4.8.1351.0 2009.10.25 -
AVG 8.5.0.423 2009.10.26 -
BitDefender 7.2 2009.10.26 -
CAT-QuickHeal 10.00 2009.10.26 -
ClamAV 0.94.1 2009.10.26 -
Comodo 2740 2009.10.26 -
DrWeb 5.0.0.12182 2009.10.26 -
eSafe 7.0.17.0 2009.10.25 -
eTrust-Vet 35.1.7083 2009.10.26 -
F-Prot 4.5.1.85 2009.10.26 -
F-Secure 9.0.15370.0 2009.10.22 -
Fortinet 3.120.0.0 2009.10.26 -
GData 19 2009.10.26 -
Ikarus T3.1.1.72.0 2009.10.26 -
Jiangmin 11.0.800 2009.10.26 -
K7AntiVirus 7.10.879 2009.10.24 -
Kaspersky 7.0.0.125 2009.10.26 -
McAfee 5782 2009.10.25 -
McAfee+Artemis 5782 2009.10.25 -
McAfee-GW-Edition 6.8.5 2009.10.26 Heuristic.BehavesLike.Win32.Suspicious.B
Microsoft 1.5202 2009.10.26 -
NOD32 4544 2009.10.26 -
Norman 6.03.02 2009.10.26 -
nProtect 2009.1.8.0 2009.10.26 -
Panda 10.0.2.2 2009.10.26 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.26 High Risk Fraudulent Security Program
Rising 21.53.04.00 2009.10.26 -
Sophos 4.46.0 2009.10.26 -
Sunbelt 3.2.1858.2 2009.10.26 -
Symantec 1.4.4.12 2009.10.26 -
TheHacker 6.5.0.2.053 2009.10.24 -
TrendMicro 8.950.0.1094 2009.10.26 -
VBA32 3.12.10.11 2009.10.23 -
ViRobot 2009.10.26.2005 2009.10.26 -
VirusBuster 4.6.5.0 2009.10.26 -
Additional information
File size: 69632 bytes
MD5...: 8cdfeef9ff6fe8e5fdd2ec1819d7e61f
SHA1..: 85e760105a844c3da4b10c04a070a60bcde3790b
File mscj.exe received on 2009.10.26 17:53:10 (UTC)
Result: 11/41 (26.83%)
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.26 Trojan-Downloader.Win32.VB!IK
AhnLab-V3 5.0.0.2 2009.10.26 -
AntiVir 7.9.1.44 2009.10.26 TR/ATRAPS.Gen
Antiy-AVL 2.0.3.7 2009.10.26 -
Authentium 5.1.2.4 2009.10.26 -
Avast 4.8.1351.0 2009.10.25 -
AVG 8.5.0.423 2009.10.26 -
BitDefender 7.2 2009.10.26 -
CAT-QuickHeal 10.00 2009.10.26 -
ClamAV 0.94.1 2009.10.26 -
Comodo 2740 2009.10.26 -
DrWeb 5.0.0.12182 2009.10.26 -
eSafe 7.0.17.0 2009.10.25 Suspicious File
eTrust-Vet 35.1.7083 2009.10.26 -
F-Prot 4.5.1.85 2009.10.26 -
F-Secure 9.0.15370.0 2009.10.22 Suspicious:W32/Malware!Gemini
Fortinet 3.120.0.0 2009.10.26 -
GData 19 2009.10.26 -
Ikarus T3.1.1.72.0 2009.10.26 Trojan-Downloader.Win32.VB
Jiangmin 11.0.800 2009.10.26 -
K7AntiVirus 7.10.879 2009.10.24 -
Kaspersky 7.0.0.125 2009.10.26 -
McAfee 5782 2009.10.25 -
McAfee+Artemis 5782 2009.10.25 -
McAfee-GW-Edition 6.8.5 2009.10.26 Trojan.ATRAPS.Gen
Microsoft 1.5202 2009.10.26 -
NOD32 4544 2009.10.26 a variant of Win32/TrojanClicker.VB.NKZ
Norman 6.03.02 2009.10.26 -
nProtect 2009.1.8.0 2009.10.26 -
Panda 10.0.2.2 2009.10.26 Suspicious file
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.26 Low Risk Adware
Rising 21.53.04.00 2009.10.26 -
Sophos 4.46.0 2009.10.26 Mal/Behav-024
Sunbelt 3.2.1858.2 2009.10.26 -
Symantec 1.4.4.12 2009.10.26 -
TheHacker 6.5.0.2.053 2009.10.24 -
TrendMicro 8.950.0.1094 2009.10.26 PAK_Generic.001
VBA32 3.12.10.11 2009.10.23 -
ViRobot 2009.10.26.2005 2009.10.26 -
VirusBuster 4.6.5.0 2009.10.26 -
Additional information
File size: 37376 bytes
MD5...: 07d9b92a8d5ff5be5c574d9ca5263b5f
SHA1..: 2231ce4b232740cf33260632f62c3c0c50e1b2a8