| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mal wieder TR/Vundo.genWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.12.2008, 16:09
| #1 |
 |  mal wieder TR/Vundo.gen hey.. hab mir mal wieder nen virus eingefangen.. habe auch schon eine threads gelesen.. aber alles hat nix geholfen.. hier is mein log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:04:12, on 09.12.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\bGlsYWx1bWJi\command.exe C:\Programme\Network Monitor\netmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\XpertVision\TBPanel.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Java\jre1.6.0_07\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\prunnet.exe C:\Dokumente und Einstellungen\lilalumbb\Anwendungsdaten\gadcom\gadcom.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Windows Live\Messenger\usnsvc.exe C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\lilalumbb\Desktop\pakete\FixVundo.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Programme\HijackThis\hjt.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.refreshpagez.com/?cm=23612<=2&it=2008-10-03%2020%3A47%3A18&dt=2008-10-04%2000%3A46%3A36&q=start.icq.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box R3 - Default URLSearchHook is missing O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (file missing) O2 - BHO: {48f3bb19-1094-cf58-4454-e65694f78d86} - {68d87f49-656e-4544-85fc-490191bb3f84} - C:\WINDOWS\system32\uhcmug.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcCTJdA.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: (no name) - {E56E2B7D-B8D9-4FED-BCCA-CDC945D4CAE9} - C:\WINDOWS\system32\khfGaaWq.dll O3 - Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Gainward] C:\Programme\XpertVision\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" O4 - HKLM\..\Run: [68e92b16] rundll32.exe "C:\WINDOWS\system32\dlujitum.dll",b O4 - HKLM\..\Run: [Bar] C:\DOKUME~1\LILALU~1\LOKALE~1\Temp\nmwoacxser.tmp O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [AdobeUpdater] "C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe" O4 - HKCU\..\Run: [gadcom] "C:\Dokumente und Einstellungen\lilalumbb\Anwendungsdaten\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASP ER~1\kloehk.dll uhcmug.dll O20 - Winlogon Notify: ddcCTJdA - C:\WINDOWS\SYSTEM32\ddcCTJdA.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bGlsYWx1bWJi\command.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7711 bytes danke schonmal im vorraus |
|
09.12.2008, 16:22
| #2 |
| | mal wieder TR/Vundo.gen ich hab nich viel ahnung, aber mit dem kämpf ich auch grad. Was ich aus meiner erfahrung sagen kann was aufjedenfall schonmal hilft, nich neustrten, viel abgesicherten benutzen, der verbreitet sich und lädt ne menge müll wenn er kann. Was ihn halt besonders doof macht, is dass er seine dateinamen random generiert (whatever.dll). ich hoffe dir wird ähnlich schnell geholfen wie mir, ich bin ihn aber nach 5 tagen arbeit und 7 stunden in dem forum auch noch nich los =)
__________________ |
|
09.12.2008, 16:27
| #3 |
| | mal wieder TR/Vundo.gen das klingt ja vielversprechend.. danke dir..
__________________ |
|
09.12.2008, 16:56
| #4 |
  | mal wieder TR/Vundo.gen Hallo und  Ich möchte dir keine falschen Hoffnungen machen. Du hast einige üble Dinge auf deinem Rechner. Falls es nicht schwerwiegende Gründe gegen ein Neuaufsetzen gibt, so solltest du das tun: http://www.trojaner-board.de/51262-a...sicherung.html In jedem Fall sollten die ersten drei Schritte ausgeführt werden. 1.) Stell sicher, daß Dir auch alle Dateien angezeigt werden, danach folgende Dateien bei Virustotal.com auswerten lassen und alle Ergebnisse posten, und zwar so, daß man die der einzelnen Virenscanner sehen kann. Bitte mit Dateigrößen und Prüfsummen: Code:
ATTFilter C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\bGlsYWx1bWJi\command.exe
C:\WINDOWS\SYSTEM32\ddcCTJdA.dll
C:\Dokumente und Einstellungen\lilalumbb\Anwendungsdaten\gadcom\gadcom.exe
C:\WINDOWS\system32\prunnet.exe
C:\Dokumente und Einstellungen\lilalumbb\Lokale Einstellungen\Temp\nmwoacxser.tmp
C:\WINDOWS\system32\dlujitum.dll
C:\WINDOWS\system32\prunnet.exe
C:\WINDOWS\system32\khfGaaWq.dll
C:\WINDOWS\system32\ddcCTJdA.dll
C:\WINDOWS\system32\uhcmug.dll
3.) Führe dieses MBR-Tool aus und poste die Ausgabe 4.) Blacklight und Malwarebytes Antimalware ausführen und Logfiles posten (Wächter Deines Virenscanner vor dem Scannen deaktivieren!) 5.) Führe Silentrunners nach dieser Anleitung aus und poste das Logfile (mit Codetags umschlossen), falls es zu groß sein sollte kannst Du es (gezippt) bei file-upload.net hochladen und hier verlinken. 6.) ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so: HTML-Code: [code] Hier das Logfile rein! [/code]
Diese listing.txt z.B. bei File-Upload.net hochladen und hier verlinken, da dieses Logfile zu groß fürs Board ist. 8.) Poste ein neues Hijackthis Logfile, nimm dazu diese umbenannte hijackthis.exe Editiere die Links und privaten Infos!! ciao, andreas |
|
09.12.2008, 17:12
| #5 |
| | mal wieder TR/Vundo.gen sehe ich es richtig das ich jetzt von allen oben angezeigten dateien diese ergebniss posten soll?: Datei netmon.exe empfangen 2008.12.09 17:04:54 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 Win-AppCare/Xema.94208.B AntiVir 7.9.0.43 2008.12.09 SPR/NetMon.A Authentium 5.1.0.4 2008.12.08 W32/Monitor.YV Avast 4.8.1281.0 2008.12.08 Win32:Adware-gen AVG 8.0.0.199 2008.12.09 Generic.KGZ BitDefender 7.2 2008.12.09 Adware.CommAd.A CAT-QuickHeal 10.00 2008.12.09 Monitor.NetMon.a (Not a Virus) ClamAV 0.94.1 2008.12.09 Trojan.DNSChanger-45 Comodo 713 2008.12.09 ApplicUnsaf.Win32.Monitor.Netmon.A DrWeb 4.44.0.09170 2008.12.09 Trojan.DnsChange eSafe 7.0.17.0 2008.12.09 Spyware.Gen eTrust-Vet 31.6.6252 2008.12.09 Win32/NetMon.A Ewido 4.0 2008.12.09 Not-A-Virus.Monitor.Win32.NetMon.a F-Prot 4.4.4.56 2008.12.08 W32/Monitor.YV F-Secure 8.0.14332.0 2008.12.09 Monitor.Win32.NetMon.a Fortinet 3.117.0.0 2008.12.09 Adware/SearchAid GData 19 2008.12.09 Adware.CommAd.A Ikarus T3.1.1.45.0 2008.12.08 not-a-virus:Monitor.Win32.NetMon.a K7AntiVirus 7.10.549 2008.12.09 Non-Virus:Monitor.Win32.NetMon.a Kaspersky 7.0.0.125 2008.12.09 not-a-virus:Monitor.Win32.NetMon.a McAfee 5458 2008.12.08 potentially unwanted program Tool-NetMon McAfee+Artemis 5458 2008.12.09 potentially unwanted program Tool-NetMon Microsoft 1.4205 2008.12.09 TrojanDownloader:Win32/Monnet NOD32 3676 2008.12.09 Win32/Monitor.Netmon.A Norman 5.80.02 2008.12.09 W32/NetMon.C Panda 9.0.0.4 2008.12.09 Adware/SearchAid PCTools 4.4.2.0 2008.12.09 Adware.Network_Monitor Prevx1 V2 2008.12.09 Adware Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 Riskware.NetMon.A Sophos 4.36.0 2008.12.09 Netmon Sunbelt 3.1.1832.2 2008.12.01 Backdoor.Win32.NetMon TheHacker 6.3.1.2.180 2008.12.09 Aplicacion/NetMon.a TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 - ViRobot 2008.12.9.1509 2008.12.09 Spyware.NetMon.94208 VirusBuster 4.5.11.0 2008.12.09 Adware.NetMon.A weitere Informationen File size: 94208 bytes MD5...: 32760839e42cc4e151a82bc4d89b02de SHA1..: 482eaa8fa42fade4d901aab41b7a6f98e1136070 SHA256: 3a192efddd6c0c1923bdcb1e4fb3dc869abb5d179a1ace3a813ac90da6148079 SHA512: 9fd066a9afe10b3dea284f7f49c34e10f1ca96f7922e1ee52db40d3e3380defb<br>0464f45005817a7c19ec99a8cf2101e9aa9b314ad6d224ce6873a91fa77ba4f2<br> ssdeep: 1536:uzHfUGMNiunKsRb7sj05rLreJA4j0xPsciQ38a6tFco:g/mb42DiQ38a6tF<br>B<br> PEiD..: - TrID..: File type identification<br>Win64 Executable Generic (59.6%)<br>Win32 Executable MS Visual C++ (generic) (26.2%)<br>Win32 Executable Generic (5.9%)<br>Win32 Dynamic Link Library (generic) (5.2%)<br>Generic Win/DOS Executable (1.3%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x403f80<br>timedatestamp.....: 0x43bc55ae (Wed Jan 04 23:09:34 2006)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xfdec 0x10000 6.62 10ab6f60e4325564dbc7103bb48cd979<br>.rdata 0x11000 0x36d4 0x4000 4.72 e1c488dfed03cfa3afd2bdcc80c38685<br>.data 0x15000 0x2d84 0x1000 2.44 91a3cee8d3bbf3e9f60a2f0f4d6fafa9<br>.rsrc 0x18000 0xb0 0x1000 3.06 3f5827a2b0d36266766419a3d048f0d6<br><br>( 6 imports ) <br>> SHLWAPI.dll: PathAppendW<br>> SHELL32.dll: SHGetFolderPathW<br>> USER32.dll: MessageBoxW<br>> ADVAPI32.dll: RegisterServiceCtrlHandlerW, DeleteService, ControlService, OpenServiceW, CloseServiceHandle, StartServiceW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, StartServiceCtrlDispatcherW, SetServiceStatus, OpenSCManagerW, CreateServiceW<br>> WININET.dll: InternetOpenW, HttpOpenRequestW, HttpAddRequestHeadersW, InternetCloseHandle, HttpSendRequestW, HttpQueryInfoW, InternetConnectW<br>> KERNEL32.dll: WriteConsoleW, CreateFileA, CompareStringA, CompareStringW, GetACP, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, RtlUnwind, GetConsoleMode, GetConsoleCP, HeapReAlloc, VirtualAlloc, WriteFile, GetExitCodeProcess, TerminateProcess, CreateDirectoryW, GetLastError, SetFilePointer, WideCharToMultiByte, FlushFileBuffers, CreateFileW, CloseHandle, CreatePipe, GetEnvironmentVariableW, CreateProcessW, PeekNamedPipe, ReadFile, WaitForSingleObject, SetEndOfFile, Sleep, GetCurrentDirectoryW, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, ExitProcess, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoW, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, SetEnvironmentVariableA, GetOEMCP, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, RaiseException, GetTimeZoneInformation, MultiByteToWideChar, GetTimeFormatA, GetDateFormatA, GetStdHandle, GetModuleFileNameA, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSection, GetModuleFileNameW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize<br><br>( 0 exports ) <br> ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=32760839e42cc4e151a82bc4d89b02de' target='_blank'>http://www.threatexpert.com/report.aspx?md5=32760839e42cc4e151a82bc4d89b02de</a> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=0777402B00DF51ED70D901637CD28B00E54E2415' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=0777402B00DF51ED70D901637CD28B00E54E2415</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=32760839e42cc4e151a82bc4d89b02de' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=32760839e42cc4e151a82bc4d89b02de</a> |
|
09.12.2008, 17:15
| #6 | |
| | mal wieder TR/Vundo.genZitat:
 |
|
09.12.2008, 17:19
| #7 |
| | mal wieder TR/Vundo.gen Datei command.exe empfangen 2008.12.09 17:05:51 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 Win-Trojan/Proxy.293888 AntiVir 7.9.0.43 2008.12.09 TR/Spy.Banbra.df.199 Authentium 5.1.0.4 2008.12.08 W32/Agent.WF Avast 4.8.1281.0 2008.12.08 Win32:Adware-gen AVG 8.0.0.199 2008.12.09 Generic2.OQO BitDefender 7.2 2008.12.09 Adware.CommAd.A CAT-QuickHeal 10.00 2008.12.09 AdWare.CommAd.a (Not a Virus) ClamAV 0.94.1 2008.12.09 Trojan.Downloader.VB-104 Comodo 713 2008.12.09 Application.Win32.Adware.CommAd DrWeb 4.44.0.09170 2008.12.09 Trojan.Proxy.493 eSafe 7.0.17.0 2008.12.09 Spyware.Gen eTrust-Vet 31.6.6252 2008.12.09 - Ewido 4.0 2008.12.09 Adware.CommAd F-Prot 4.4.4.56 2008.12.08 W32/Agent.WF F-Secure 8.0.14332.0 2008.12.09 AdWare.Win32.CommAd.a Fortinet 3.117.0.0 2008.12.09 Adware/CommAd GData 19 2008.12.09 Adware.CommAd.A Ikarus T3.1.1.45.0 2008.12.08 Trojan-Proxy.Win32.Delf.av K7AntiVirus 7.10.549 2008.12.09 Non-Virus:AdWare.Win32.CommAd.a Kaspersky 7.0.0.125 2008.12.09 not-a-virus:AdWare.Win32.CommAd.a McAfee 5458 2008.12.08 potentially unwanted program Adware-Isearch McAfee+Artemis 5458 2008.12.09 potentially unwanted program Generic!Artemis Microsoft 1.4205 2008.12.09 Adware:Win32/CMDService NOD32 3676 2008.12.09 Win32/Adware.CommAd Norman 5.80.02 2008.12.09 W32/CommAd.A Panda 9.0.0.4 2008.12.09 Adware/CommAd PCTools 4.4.2.0 2008.12.09 Adware.I-Search_Desktop_Search_Toolbar Prevx1 V2 2008.12.09 Adware Rising 21.07.12.00 2008.12.09 Backdoor.BlackHole.ax SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Spy.Banbra.df.199 Sophos 4.36.0 2008.12.09 CommAd Sunbelt 3.1.1832.2 2008.12.01 Command Service Symantec 10 2008.12.09 Spyware.ISearch TheHacker 6.3.1.2.180 2008.12.09 Adware/CommAd.a TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 AdWare.Win32.CommAd.a ViRobot 2008.12.9.1509 2008.12.09 Trojan.Win32.CommAd.293888 VirusBuster 4.5.11.0 2008.12.09 Adware.CommAd.C weitere Informationen File size: 293888 bytes MD5...: 3e2c234dde711c6754f2df994fb3cc94 SHA1..: 14ed43e58d0fea3404886824d011814a241caaac SHA256: 9a9fdfd860eda1ce8539f33ffd232055c695f15ff3773bef266d736fc6d33bf8 SHA512: 3e824869fb530e98f4f20cd0a8287e5c5911e511daca33627f2ee60b6e7ad8ba<br>2d2ea25b973f80eebc389c5e4ffa8d9665003a89adb19242dc3217136983bfc9<br> ssdeep: 6144:K6C76Qa1QBwrd86VwOkcVrJdL7KzHmJnmXc6cW6PH8mDlBO:O611QkqMnR6<br>zHouu/a<br> PEiD..: - TrID..: File type identification<br>UPX compressed Win32 Executable (38.5%)<br>Win32 EXE Yoda's Crypter (33.4%)<br>Win32 Executable Generic (10.7%)<br>Win32 Dynamic Link Library (generic) (9.5%)<br>Win16/32 Executable Delphi generic (2.6%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4ba1a0<br>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0x73000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x74000 0x47000 0x46400 7.93 b94e50a0e8c48e9a24aa107c90ff871f<br>.rsrc 0xbb000 0x2000 0x1400 3.48 d9898a4ea78a6a8c58d29b50207eab95<br><br>( 9 imports ) <br>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess<br>> advapi32.dll: EqualSid<br>> comctl32.dll: ImageList_Add<br>> gdi32.dll: SaveDC<br>> netapi32.dll: Netbios<br>> ole32.dll: OleDraw<br>> oleaut32.dll: VariantCopy<br>> user32.dll: GetDC<br>> version.dll: VerQueryValueA<br><br>( 0 exports ) <br> ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=3e2c234dde711c6754f2df994fb3cc94' target='_blank'>http://www.threatexpert.com/report.aspx?md5=3e2c234dde711c6754f2df994fb3cc94</a> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=7E580807007BAEEB7C58041E7DB2200038FAAD4A' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=7E580807007BAEEB7C58041E7DB2200038FAAD4A</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3e2c234dde711c6754f2df994fb3cc94' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3e2c234dde711c6754f2df994fb3cc94</a> packers (Kaspersky): UPX Datei ddcCTJdA.dll empfangen 2008.12.09 17:13:47 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Killav.AC Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 Win32:Rootkit-gen AVG 8.0.0.199 2008.12.09 Generic12.UGM BitDefender 7.2 2008.12.09 - CAT-QuickHeal 10.00 2008.12.09 Trojan.Pakes.mag ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 Trojan.Virtumod.1466 eSafe 7.0.17.0 2008.12.09 Suspicious File eTrust-Vet 31.6.6252 2008.12.09 Win32/Vundo.BJT Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 Trojan.Win32.Pakes.mag Fortinet 3.117.0.0 2008.12.09 PossibleThreat GData 19 2008.12.09 Win32:Rootkit-gen Ikarus T3.1.1.45.0 2008.12.08 Trojan.Win32.Vundo K7AntiVirus 7.10.549 2008.12.09 Trojan.Win32.Malware.1 Kaspersky 7.0.0.125 2008.12.09 Trojan.Win32.Pakes.mag McAfee 5458 2008.12.08 Vundo McAfee+Artemis 5458 2008.12.09 Vundo Microsoft 1.4205 2008.12.09 Trojan:Win32/Vundo.gen!AE NOD32 3676 2008.12.09 Win32/Adware.Virtumonde Norman 5.80.02 2008.12.09 W32/Virtumonde.AEWN Panda 9.0.0.4 2008.12.09 Spyware/Virtumonde PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 Fraudulent Security Program Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Killav.AC Sophos 4.36.0 2008.12.09 Troj/Virtum-Gen Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Trojan.Vundo TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 TROJ_VUNDO.AUZ VBA32 3.12.8.10 2008.12.09 Win32.Adware.Virtumonde ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 34816 bytes MD5...: 42343b4e3d4dc5044b5f96e4ab87c6ee SHA1..: 9f8896084e24dad83a0e748f6c66aec2a87da4f9 SHA256: 331d4a2ec6df3fe4559574a1e80f72bd2ea7dfdc1aa71dab580bc3e7ce96b6f2 SHA512: 0a617885166c240e8ac22ef3499e67bd7c53000b1d9d1bb3256d62ecc1dae9f2<br>69e2104d535f7294855e26af938e6cf2e136d18472478f069f36c2e85aa6e707<br> ssdeep: 768:NmgaYMcOaxeJLFieBdHY+gr1IKNDxchakRQEY:ROcDenl3Nw2KnchR2<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (38.4%)<br>Win32 Dynamic Link Library (generic) (34.2%)<br>Clipper DOS Executable (9.1%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10015668<br>timedatestamp.....: 0x4823658c (Thu May 08 20:41:48 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1000 0x200 7.64 9ab695a5dbbd3f95d5fae6f0a4793b24<br>.rdata 0x2000 0x1000 0x200 7.60 5cb555d1812fa335827a666dc97a15c0<br>.data 0x3000 0x11000 0x5400 7.99 54dde50e44e2b4055235924b16db731d<br>.data 0x14000 0x1000 0x400 1.78 2fd8f7c62adc273acfcbda2eb5106cab<br>.pdata 0x15000 0x3000 0x2800 3.72 4b5042e7a9312e6f49ef5fdcab1eb5fd<br><br>( 3 imports ) <br>> USER32.dll: SystemParametersInfoA, GetSystemMetrics<br>> KERNEL32.dll: ExitProcess, GetSystemInfo, CreateFileA<br>> GDI32.dll: CreateHalftonePalette<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=34AED8340092C1A788F90006A7AFEF005EEE3823' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=34AED8340092C1A788F90006A7AFEF005EEE3823</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=42343b4e3d4dc5044b5f96e4ab87c6ee' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=42343b4e3d4dc5044b5f96e4ab87c6ee</a> Datei gadcom.exe empfangen 2008.12.09 17:14:24 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Agent.asmf Authentium 5.1.0.4 2008.12.08 W32/Downloader.F.gen!Eldorado Avast 4.8.1281.0 2008.12.08 - AVG 8.0.0.199 2008.12.09 Agent.AOEW BitDefender 7.2 2008.12.09 Trojan.Generic.1215518 CAT-QuickHeal 10.00 2008.12.09 - ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 - eSafe 7.0.17.0 2008.12.09 Win32.Agent.asmf eTrust-Vet 31.6.6252 2008.12.09 Win32/Padcom.A Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 W32/Downloader.F.gen!Eldorado F-Secure 8.0.14332.0 2008.12.09 Trojan.Win32.Agent.asmf Fortinet 3.117.0.0 2008.12.09 W32/Agent.ASMF!tr GData 19 2008.12.09 Trojan.Generic.1215518 Ikarus T3.1.1.45.0 2008.12.08 Trojan-Downloader.Win32.Padcom K7AntiVirus 7.10.549 2008.12.09 Trojan.Win32.Agent.asmf Kaspersky 7.0.0.125 2008.12.09 Trojan.Win32.Agent.asmf McAfee 5458 2008.12.08 Generic Downloader.x McAfee+Artemis 5458 2008.12.09 Generic Downloader.x Microsoft 1.4205 2008.12.09 TrojanDownloader:Win32/Padcom.A NOD32 3676 2008.12.09 Win32/TrojanDownloader.Agent.OOL Norman 5.80.02 2008.12.09 W32/Agent.JSLR Panda 9.0.0.4 2008.12.09 Trj/Downloader.UZE PCTools 4.4.2.0 2008.12.09 Trojan.Agent!sd6 Prevx1 V2 2008.12.09 Adware Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Agent.asmf Sophos 4.36.0 2008.12.09 Mal/Generic-A Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Infostealer TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 PAK_Generic.001 VBA32 3.12.8.10 2008.12.09 Trojan.Win32.Agent.asmf ViRobot 2008.12.9.1509 2008.12.09 Trojan.Win32.Agent.56832.I VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 56832 bytes MD5...: 8c9d0929a80ef287e3979ef09e7c9abf SHA1..: ecdc8d06cca7b610ced4da0919f3ec340420e2c7 SHA256: ac7adf4f99f4ba76fa15c9f9962a895504658770c008a8bf3e86a5d0eed859f4 SHA512: 33dc804b288023640d86df1be0a41df25ab5d50d14712bf787721d26809272dd<br>c333618344a6c16a539a93a98f64b05063897ce3e134f7bb5f4e12e269aa523b<br> ssdeep: 1536:lYc4v6obfA5nmGbK27/6Rtd/gj3v3jF5EY:Av6obfAMV272XgLv3jFV<br> PEiD..: - TrID..: File type identification<br>UPX compressed Win32 Executable (39.5%)<br>Win32 EXE Yoda's Crypter (34.3%)<br>Win32 Executable Generic (11.0%)<br>Win32 Dynamic Link Library (generic) (9.8%)<br>Generic Win/DOS Executable (2.5%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4255f0<br>timedatestamp.....: 0x4936a9b3 (Wed Dec 03 15:45:55 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0x17000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x18000 0xe000 0xd800 7.91 738814a1bfb00ab84035f1fe07bae175<br>UPX2 0x26000 0x1000 0x200 3.79 e9e7babc777f3abb18a3019ab513fd8f<br><br>( 6 imports ) <br>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>> ADVAPI32.dll: RegCloseKey<br>> SHELL32.dll: SHGetSpecialFolderPathA<br>> SHLWAPI.dll: StrStrIA<br>> USER32.dll: wsprintfA<br>> WININET.dll: InternetOpenA<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=3B4986BB007277B5DE0600BBA427AF00CC2455B6' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=3B4986BB007277B5DE0600BBA427AF00CC2455B6</a> ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=8c9d0929a80ef287e3979ef09e7c9abf' target='_blank'>http://www.threatexpert.com/report.aspx?md5=8c9d0929a80ef287e3979ef09e7c9abf</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=8c9d0929a80ef287e3979ef09e7c9abf' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=8c9d0929a80ef287e3979ef09e7c9abf</a> packers (Kaspersky): PE_Patch.UPX, UPX |
|
09.12.2008, 17:20
| #8 |
| | mal wieder TR/Vundo.gen Datei prunnet.exe empfangen 2008.12.09 17:14:38 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Crypt.XPACK.Gen Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 - AVG 8.0.0.199 2008.12.09 SHeur2.FJD BitDefender 7.2 2008.12.09 - CAT-QuickHeal 10.00 2008.12.09 (Suspicious) - DNAScan ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 - eSafe 7.0.17.0 2008.12.09 - eTrust-Vet 31.6.6252 2008.12.09 - Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 Trojan.Win32.VB.hmc Fortinet 3.117.0.0 2008.12.09 - GData 19 2008.12.09 - Ikarus T3.1.1.45.0 2008.12.08 - K7AntiVirus 7.10.549 2008.12.09 - Kaspersky 7.0.0.125 2008.12.09 Trojan.Win32.VB.hmc McAfee 5458 2008.12.08 - McAfee+Artemis 5458 2008.12.09 - Microsoft 1.4205 2008.12.09 - NOD32 3676 2008.12.09 - Norman 5.80.02 2008.12.09 - Panda 9.0.0.4 2008.12.09 Suspicious file PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 Cloaked Malware Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Crypt.XPACK.Gen Sophos 4.36.0 2008.12.09 Troj/Punad-B Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Downloader TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 - ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 94272 bytes MD5...: ddfcae620452f63bb14fb821ee442ca1 SHA1..: a1cafc39c9efdcc771fe5bdb0a06ec92f3f7bc2a SHA256: ae8c683c3dee149eac6226f409c2f27d8191c573ea49abb2c130e6861cf971f0 SHA512: 4f30748d895d18d7f66c14f8a6e4355d979c5e5bfaa4c867965ac619414a3e72<br>d811d23e593e0d7d9801f6656c5706dab54ca7238e9335d58e9f5b8c802274d3<br> ssdeep: 1536:67rA6XIOApC450mT8Ib6pZ3Sb64dtM98Eegynhg/AW3240Q0BN6TGBZ:fwA<br>w450d26Xa64dtxRtU93EQKZ<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4258e5<br>timedatestamp.....: 0x4938e4ec (Fri Dec 05 08:23:08 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xb524 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.data 0xd000 0xe2c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0xe000 0x3da8 0x4000 3.48 586e315b264643b37e233ebc8fd76df6<br>.adata0 0x12000 0x70b8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.adata1 0x1a000 0x105f2 0x11000 7.68 6d6a7fb3c697598311c3e3f7545f5924<br>.reloc 0x2b000 0x74 0x1000 0.20 badb2c9fdc6137574ecfea54061537f1<br><br>( 3 imports ) <br>> MSVBVM60.DLL: MethCallEngine<br>> kernel32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess<br>> user32.dll: MessageBoxA<br><br>( 0 exports ) <br> ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=ddfcae620452f63bb14fb821ee442ca1' target='_blank'>http://www.threatexpert.com/report.aspx?md5=ddfcae620452f63bb14fb821ee442ca1</a> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=07212B1540127520701F01BD99AEF20006106351' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=07212B1540127520701F01BD99AEF20006106351</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ddfcae620452f63bb14fb821ee442ca1' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ddfcae620452f63bb14fb821ee442ca1</a> Datei nmwoacxser.tmp empfangen 2008.12.09 17:15:03 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 - Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 - AVG 8.0.0.199 2008.12.09 Generic3.ADOA BitDefender 7.2 2008.12.09 Trojan.Generic.1220350 CAT-QuickHeal 10.00 2008.12.09 - ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 Trojan.DownLoad.23535 eSafe 7.0.17.0 2008.12.09 - eTrust-Vet 31.6.6252 2008.12.09 - Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 - Fortinet 3.117.0.0 2008.12.09 - GData 19 2008.12.09 Trojan.Generic.1220350 Ikarus T3.1.1.45.0 2008.12.08 - K7AntiVirus 7.10.549 2008.12.09 Trojan.Win32.Malware.1 Kaspersky 7.0.0.125 2008.12.09 - McAfee 5458 2008.12.08 potentially unwanted program Generic PUP McAfee+Artemis 5458 2008.12.09 potentially unwanted program Generic PUP Microsoft 1.4205 2008.12.09 Adware:Win32/Mirar NOD32 3676 2008.12.09 probably a variant of Win32/Adware.Mirar Norman 5.80.02 2008.12.09 - Panda 9.0.0.4 2008.12.09 - PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 Malicious Software Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 - Sophos 4.36.0 2008.12.09 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Download.Adware TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 - ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 110592 bytes MD5...: 77d3fe655fd3ec4f56fb92680819c3bf SHA1..: b92a176e15ac8d9fef4678598d4611083306e9b1 SHA256: 4de8697028376bff493cdfcd30801c0fd3d2c1f65a5e1e56e0efd2aed6e87196 SHA512: 6f0df04a3bb41141eb03d22ab46a59f728e59169b7554f6e5559ac1be9d97e19<br>40048dacade31bf69f8f18de557f150b03bd13fde569ea05b72bb508b0e2b943<br> ssdeep: 1536:U11eS3HTweeRcTKmXYT2k2gOrF1STuNFJctySEEaMOSBgglpNn/x1:U11e6<br>HTPeGon2gyFgnIEzTBbl//x1<br> PEiD..: Armadillo v1.71 TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40498f<br>timedatestamp.....: 0x492760ec (Sat Nov 22 01:31:24 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1143e 0x12000 6.43 0913926bf747f34874507d9a40baf91d<br>.rdata 0x13000 0x3ed2 0x4000 4.75 24fa1f0da638f274bfade02cd58a791d<br>.data 0x17000 0x4b80 0x2000 2.28 3d24f421ab76582169861583ef387829<br>.rsrc 0x1c000 0x1020 0x2000 2.36 fec7ed9beb715fbc1f9dff1518745f66<br><br>( 11 imports ) <br>> SETUPAPI.dll: SetupIterateCabinetA<br>> KERNEL32.dll: GetModuleHandleA, GlobalDeleteAtom, GlobalFindAtomA, GlobalAddAtomA, GlobalGetAtomNameA, FreeLibrary, GetProcessVersion, GlobalFlags, GetCPInfo, GetOEMCP, RtlUnwind, ExitProcess, TerminateProcess, GetStartupInfoA, GetCommandLineA, HeapAlloc, HeapFree, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetACP, RaiseException, HeapSize, GetVersion, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalAlloc, GlobalReAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, TlsAlloc, LocalAlloc, lstrcmpA, GetCurrentThreadId, GetFileTime, GetFileSize, GetFileAttributesA, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, FileTimeToLocalFileTime, GetTempFileNameA, FileTimeToSystemTime, SetErrorMode, lstrcmpiA, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, FindFirstFileA, FindClose, LoadLibraryA, GetProcAddress, SetEndOfFile, UnlockFile, LockFile, CloseHandle, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, LocalFree, InterlockedDecrement, InterlockedIncrement, lstrcpyA, lstrcatA, Sleep, MultiByteToWideChar, lstrlenW, WideCharToMultiByte, CreateMutexA, GetLastError, ReleaseMutex, GetModuleFileNameA, lstrlenA, GetTickCount, GetTempPathA, HeapReAlloc<br>> USER32.dll: AdjustWindowRectEx, SetFocus, GetSysColor, MapWindowPoints, PostMessageA, LoadIconA, SetWindowTextA, LoadCursorA, GetSysColorBrush, ReleaseDC, GetDC, GetClassNameA, PtInRect, ClientToScreen, PostQuitMessage, DestroyMenu, TabbedTextOutA, DrawTextA, GrayStringA, GetTopWindow, GetClientRect, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, DestroyWindow, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, EnableWindow, UnhookWindowsHookEx, DispatchMessageA, SendMessageA, GetKeyState, CallNextHookEx, CopyRect, GetCapture, PeekMessageA, SetWindowsHookExA, LoadStringA, GetSystemMetrics, CharUpperA, GetMenuCheckMarkDimensions<br>> GDI32.dll: GetStockObject, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, SelectObject, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, SaveDC, RestoreDC, DeleteDC, DeleteObject, GetDeviceCaps, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap<br>> comdlg32.dll: GetFileTitleA<br>> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter<br>> ADVAPI32.dll: RegDeleteKeyA, RegCreateKeyExA, RegDeleteValueA, RegOpenKeyA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegOpenKeyExA, RegCloseKey, RegEnumKeyExA<br>> SHELL32.dll: ShellExecuteA<br>> COMCTL32.dll: -<br>> ole32.dll: CoTaskMemFree, StringFromCLSID, CLSIDFromString<br>> WININET.dll: InternetReadFile, InternetQueryDataAvailable, InternetOpenUrlA, InternetOpenA, InternetCloseHandle<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=9D59A2600077B362B062012E480CAD006CF26537' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=9D59A2600077B362B062012E480CAD006CF26537</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=77d3fe655fd3ec4f56fb92680819c3bf' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=77d3fe655fd3ec4f56fb92680819c3bf</a> Datei dlujitum.dll empfangen 2008.12.09 17:15:26 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Vundo.Gen Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 - AVG 8.0.0.199 2008.12.09 - BitDefender 7.2 2008.12.09 - CAT-QuickHeal 10.00 2008.12.09 - ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 - eSafe 7.0.17.0 2008.12.09 Suspicious File eTrust-Vet 31.6.6252 2008.12.09 - Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 - Fortinet 3.117.0.0 2008.12.09 - GData 19 2008.12.09 - Ikarus T3.1.1.45.0 2008.12.08 - K7AntiVirus 7.10.549 2008.12.09 - Kaspersky 7.0.0.125 2008.12.09 - McAfee 5458 2008.12.08 - McAfee+Artemis 5458 2008.12.09 Generic!Artemis Microsoft 1.4205 2008.12.09 Trojan:Win32/Vundo.gen!AE NOD32 3676 2008.12.09 - Norman 5.80.02 2008.12.09 - Panda 9.0.0.4 2008.12.09 - PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 Fraudulent Security Program Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Vundo.Gen Sophos 4.36.0 2008.12.09 Troj/Virtum-Gen Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Trojan.Vundo TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 - ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 72704 bytes MD5...: 3a1baa0e47f2015d8b202bf8ef6bebe1 SHA1..: 8187231cc83f9c77fb56d75a5fbe6dce9455a650 SHA256: 62d05118009aaf613f7aa8293e37224f18ea79498af02eb6db08c3bf1c16f153 SHA512: 7654bab66b8698af1a9338c6b8e13a53e3eae94782f676f9ec37c2d3330abff1<br>0c3aeb35f3cb7061e3da2f7f9500de4c2f606e7a54de57fe2227debf20328f86<br> ssdeep: 1536:hAurMDbg2eX2DiFGWxizpHrtLTQ1vggE1YoGhTs:GWiPlnLigNGR<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (38.4%)<br>Win32 Dynamic Link Library (generic) (34.2%)<br>Clipper DOS Executable (9.1%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1002166f<br>timedatestamp.....: 0x48239997 (Fri May 09 00:23:51 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1000 0x200 7.62 61e580be8e0f262c56ac1ed8d520a614<br>.rdata 0x2000 0x1000 0x200 7.63 c0e407213e3beb1b78f1f671543dbac1<br>.data 0x3000 0x1d000 0xe800 8.00 9c82c967df53594dd9024eba2bac1b14<br>.data 0x20000 0x1000 0x400 1.75 3e9d48b4880710f0f9c27577dd086f3b<br>.pdata 0x21000 0x3000 0x2800 3.72 8b08d8a32e9513dce37b7775042d23e8<br><br>( 3 imports ) <br>> USER32.dll: SystemParametersInfoA, GetSystemMetrics<br>> KERNEL32.dll: ExitProcess, GetSystemInfo, CreateFileA<br>> GDI32.dll: CreateHalftonePalette<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=3559A6D9004B4DE11CEE0132FE2DE200E731624B' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=3559A6D9004B4DE11CEE0132FE2DE200E731624B</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3a1baa0e47f2015d8b202bf8ef6bebe1' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3a1baa0e47f2015d8b202bf8ef6bebe1</a> |
|
09.12.2008, 17:22
| #9 |
| | mal wieder TR/Vundo.gen Datei prunnet.exe empfangen 2008.12.09 17:15:47 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Crypt.XPACK.Gen Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 - AVG 8.0.0.199 2008.12.09 SHeur2.FJD BitDefender 7.2 2008.12.09 - CAT-QuickHeal 10.00 2008.12.09 (Suspicious) - DNAScan ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 - eSafe 7.0.17.0 2008.12.09 - eTrust-Vet 31.6.6252 2008.12.09 - Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 Trojan.Win32.VB.hmc Fortinet 3.117.0.0 2008.12.09 - GData 19 2008.12.09 - Ikarus T3.1.1.45.0 2008.12.08 - K7AntiVirus 7.10.549 2008.12.09 - Kaspersky 7.0.0.125 2008.12.09 Trojan.Win32.VB.hmc McAfee 5458 2008.12.08 - McAfee+Artemis 5458 2008.12.09 - Microsoft 1.4205 2008.12.09 - NOD32 3676 2008.12.09 - Norman 5.80.02 2008.12.09 - Panda 9.0.0.4 2008.12.09 Suspicious file PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 Cloaked Malware Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Crypt.XPACK.Gen Sophos 4.36.0 2008.12.09 Troj/Punad-B Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Downloader TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 - ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 94272 bytes MD5...: ddfcae620452f63bb14fb821ee442ca1 SHA1..: a1cafc39c9efdcc771fe5bdb0a06ec92f3f7bc2a SHA256: ae8c683c3dee149eac6226f409c2f27d8191c573ea49abb2c130e6861cf971f0 SHA512: 4f30748d895d18d7f66c14f8a6e4355d979c5e5bfaa4c867965ac619414a3e72<br>d811d23e593e0d7d9801f6656c5706dab54ca7238e9335d58e9f5b8c802274d3<br> ssdeep: 1536:67rA6XIOApC450mT8Ib6pZ3Sb64dtM98Eegynhg/AW3240Q0BN6TGBZ:fwA<br>w450d26Xa64dtxRtU93EQKZ<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4258e5<br>timedatestamp.....: 0x4938e4ec (Fri Dec 05 08:23:08 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xb524 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.data 0xd000 0xe2c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.rsrc 0xe000 0x3da8 0x4000 3.48 586e315b264643b37e233ebc8fd76df6<br>.adata0 0x12000 0x70b8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>.adata1 0x1a000 0x105f2 0x11000 7.68 6d6a7fb3c697598311c3e3f7545f5924<br>.reloc 0x2b000 0x74 0x1000 0.20 badb2c9fdc6137574ecfea54061537f1<br><br>( 3 imports ) <br>> MSVBVM60.DLL: MethCallEngine<br>> kernel32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess<br>> user32.dll: MessageBoxA<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=07212B1540127520701F01BD99AEF20006106351' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=07212B1540127520701F01BD99AEF20006106351</a> ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=ddfcae620452f63bb14fb821ee442ca1' target='_blank'>http://www.threatexpert.com/report.aspx?md5=ddfcae620452f63bb14fb821ee442ca1</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ddfcae620452f63bb14fb821ee442ca1' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ddfcae620452f63bb14fb821ee442ca1</a> Datei khfGaaWq.dll empfangen 2008.12.09 17:16:05 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Vundo.Gen Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 - AVG 8.0.0.199 2008.12.09 - BitDefender 7.2 2008.12.09 - CAT-QuickHeal 10.00 2008.12.09 - ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 Trojan.Virtumod.855 eSafe 7.0.17.0 2008.12.09 - eTrust-Vet 31.6.6252 2008.12.09 - Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 - Fortinet 3.117.0.0 2008.12.09 - GData 19 2008.12.09 - Ikarus T3.1.1.45.0 2008.12.08 - K7AntiVirus 7.10.549 2008.12.09 - Kaspersky 7.0.0.125 2008.12.09 - McAfee 5458 2008.12.08 - McAfee+Artemis 5458 2008.12.09 - Microsoft 1.4205 2008.12.09 Trojan:Win32/Vundo.D NOD32 3676 2008.12.09 - Norman 5.80.02 2008.12.09 - Panda 9.0.0.4 2008.12.09 - PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 - Rising 21.07.12.00 2008.12.09 AdWare.Win32.Undef.drd SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Vundo.Gen Sophos 4.36.0 2008.12.09 Troj/Virtum-Gen Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Packed.Generic.190 TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 - ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 302592 bytes MD5...: fceba567bcc7ae4548555d5a7de65524 SHA1..: fc6432359cb285aec443f9754023508579e374e8 SHA256: 9d13f6500f4b989c5b6e209af1270963f7ad755e8861cd90c86a80befd795464 SHA512: a4f37724d9472495a704ebe3187591ecc02a5a2dcdcaac36b6796e9e418fdcfb<br>a6cc5f3f0d0033b000435d1d2e20aaa56d92e6ec15353fe1ecd7e2e5b1c9effd<br> ssdeep: 6144:xX/vYxChLYwIQsb0HKCxdAjBgFVDBuxAgj0QMF:xXCaYWKisGgjzMF<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (38.5%)<br>Win32 Dynamic Link Library (generic) (34.2%)<br>Clipper DOS Executable (9.1%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1009f65b<br>timedatestamp.....: 0x482387da (Thu May 08 23:08:10 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1000 0x200 7.59 5d82ebfae81870834458d168ecbbd7f7<br>.rdata 0x2000 0x1000 0x200 7.64 d9152759544516a33c83fc58c79b1dd1<br>.data 0x3000 0x9b000 0x46a00 8.00 c88d240683d9cc43e42e3d151fd9e98d<br>.data 0x9e000 0x1000 0x400 1.82 43450103f971b2f2486b0dd37c86cd04<br>.pdata 0x9f000 0x3000 0x2800 4.88 4bdfa3f7653c697f40b4cf39b77a7bd4<br><br>( 3 imports ) <br>> USER32.dll: SystemParametersInfoA, GetSystemMetrics<br>> KERNEL32.dll: ExitProcess, GetSystemInfo, CreateFileA<br>> GDI32.dll: CreateHalftonePalette<br><br>( 0 exports ) <br> Datei ddcCTJdA.dll empfangen 2008.12.09 17:16:21 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Killav.AC Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 Win32:Rootkit-gen AVG 8.0.0.199 2008.12.09 Generic12.UGM BitDefender 7.2 2008.12.09 - CAT-QuickHeal 10.00 2008.12.09 Trojan.Pakes.mag ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 Trojan.Virtumod.1466 eSafe 7.0.17.0 2008.12.09 Suspicious File eTrust-Vet 31.6.6252 2008.12.09 Win32/Vundo.BJT Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 Trojan.Win32.Pakes.mag Fortinet 3.117.0.0 2008.12.09 PossibleThreat GData 19 2008.12.09 Win32:Rootkit-gen Ikarus T3.1.1.45.0 2008.12.08 Trojan.Win32.Vundo K7AntiVirus 7.10.549 2008.12.09 Trojan.Win32.Malware.1 Kaspersky 7.0.0.125 2008.12.09 Trojan.Win32.Pakes.mag McAfee 5458 2008.12.08 Vundo McAfee+Artemis 5458 2008.12.09 Vundo Microsoft 1.4205 2008.12.09 Trojan:Win32/Vundo.gen!AE NOD32 3676 2008.12.09 Win32/Adware.Virtumonde Norman 5.80.02 2008.12.09 W32/Virtumonde.AEWN Panda 9.0.0.4 2008.12.09 Spyware/Virtumonde PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 Fraudulent Security Program Rising 21.07.12.00 2008.12.09 - SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Killav.AC Sophos 4.36.0 2008.12.09 Troj/Virtum-Gen Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Trojan.Vundo TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 TROJ_VUNDO.AUZ VBA32 3.12.8.10 2008.12.09 Win32.Adware.Virtumonde ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 34816 bytes MD5...: 42343b4e3d4dc5044b5f96e4ab87c6ee SHA1..: 9f8896084e24dad83a0e748f6c66aec2a87da4f9 SHA256: 331d4a2ec6df3fe4559574a1e80f72bd2ea7dfdc1aa71dab580bc3e7ce96b6f2 SHA512: 0a617885166c240e8ac22ef3499e67bd7c53000b1d9d1bb3256d62ecc1dae9f2<br>69e2104d535f7294855e26af938e6cf2e136d18472478f069f36c2e85aa6e707<br> ssdeep: 768:NmgaYMcOaxeJLFieBdHY+gr1IKNDxchakRQEY:ROcDenl3Nw2KnchR2<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (38.4%)<br>Win32 Dynamic Link Library (generic) (34.2%)<br>Clipper DOS Executable (9.1%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10015668<br>timedatestamp.....: 0x4823658c (Thu May 08 20:41:48 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1000 0x200 7.64 9ab695a5dbbd3f95d5fae6f0a4793b24<br>.rdata 0x2000 0x1000 0x200 7.60 5cb555d1812fa335827a666dc97a15c0<br>.data 0x3000 0x11000 0x5400 7.99 54dde50e44e2b4055235924b16db731d<br>.data 0x14000 0x1000 0x400 1.78 2fd8f7c62adc273acfcbda2eb5106cab<br>.pdata 0x15000 0x3000 0x2800 3.72 4b5042e7a9312e6f49ef5fdcab1eb5fd<br><br>( 3 imports ) <br>> USER32.dll: SystemParametersInfoA, GetSystemMetrics<br>> KERNEL32.dll: ExitProcess, GetSystemInfo, CreateFileA<br>> GDI32.dll: CreateHalftonePalette<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=34AED8340092C1A788F90006A7AFEF005EEE3823' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=34AED8340092C1A788F90006A7AFEF005EEE3823</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=42343b4e3d4dc5044b5f96e4ab87c6ee' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=42343b4e3d4dc5044b5f96e4ab87c6ee</a> |
|
09.12.2008, 17:26
| #10 |
| | mal wieder TR/Vundo.gen Datei uhcmug.dll empfangen 2008.12.09 17:16:35 (CET) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.12.10.0 2008.12.09 - AntiVir 7.9.0.43 2008.12.09 TR/Vundo.Gen Authentium 5.1.0.4 2008.12.08 - Avast 4.8.1281.0 2008.12.08 - AVG 8.0.0.199 2008.12.09 - BitDefender 7.2 2008.12.09 - CAT-QuickHeal 10.00 2008.12.09 - ClamAV 0.94.1 2008.12.09 - Comodo 713 2008.12.09 - DrWeb 4.44.0.09170 2008.12.09 - eSafe 7.0.17.0 2008.12.09 Suspicious File eTrust-Vet 31.6.6252 2008.12.09 Win32/Vundo.BKZ Ewido 4.0 2008.12.09 - F-Prot 4.4.4.56 2008.12.08 - F-Secure 8.0.14332.0 2008.12.09 - Fortinet 3.117.0.0 2008.12.09 - GData 19 2008.12.09 - Ikarus T3.1.1.45.0 2008.12.08 - K7AntiVirus 7.10.549 2008.12.09 - Kaspersky 7.0.0.125 2008.12.09 - McAfee 5458 2008.12.08 - McAfee+Artemis 5458 2008.12.09 Generic!Artemis Microsoft 1.4205 2008.12.09 Trojan:Win32/Conhook.D NOD32 3676 2008.12.09 - Panda 9.0.0.4 2008.12.09 - PCTools 4.4.2.0 2008.12.09 - Prevx1 V2 2008.12.09 Fraudulent Security Program Rising 21.07.12.00 2008.12.09 Trojan.Win32.Undef.uaf SecureWeb-Gateway 6.7.6 2008.12.09 Trojan.Vundo.Gen Sophos 4.36.0 2008.12.09 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.09 Packed.Generic.190 TheHacker 6.3.1.2.180 2008.12.09 - TrendMicro 8.700.0.1004 2008.12.09 - VBA32 3.12.8.10 2008.12.09 - ViRobot 2008.12.9.1509 2008.12.09 - VirusBuster 4.5.11.0 2008.12.09 - weitere Informationen File size: 129024 bytes MD5...: 85024411eb812bcae7ae19f6b1d5ae28 SHA1..: 161d57ecf0dea7a14fda745cfa8442f4723b0980 SHA256: bce02155e0b844be99d1a46b01333fbe65eb9602e2202317c7280468b558fa1d SHA512: 1b746b54d59d97cdd2fb3374e4a8127a59bd951a0fc4821e555fbf15016ac6c7<br>3579127934ba67a1ebfcea3a7294e44ba40eaae4a34a1d9a48f81d37c147f751<br> ssdeep: 3072:e8S01VkPA91oKSjTkHUHoZtv/asQhvBuvRJJKO1S:eM3/xyY0HoZtv/KhvB<br>ucO<br> PEiD..: - TrID..: File type identification<br>Win32 Executable Generic (38.4%)<br>Win32 Dynamic Link Library (generic) (34.2%)<br>Clipper DOS Executable (9.1%)<br>Generic Win/DOS Executable (9.0%)<br>DOS Executable Generic (9.0%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1003f3b9<br>timedatestamp.....: 0x4823544c (Thu May 08 19:28:12 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1000 0x200 7.64 8a49d2cd0624b25d6e0b3f1523b54458<br>.rdata 0x2000 0x1000 0x200 7.57 f8f3a38502ef2583613e115e95372840<br>.data 0x3000 0x3b000 0x1ac00 8.00 253eeb14ad65f795e3e98d0cd9dc156b<br>.data 0x3e000 0x1000 0x400 1.79 4fa46890f80b0aa7506bcdf641169b85<br>.pdata 0x3f000 0x4000 0x3400 2.94 d1c8c1f1f95e5eb499cb47ff561ef4b4<br><br>( 3 imports ) <br>> USER32.dll: SystemParametersInfoA, GetSystemMetrics<br>> KERNEL32.dll: ExitProcess, GetSystemInfo, CreateFileA<br>> GDI32.dll: CreateHalftonePalette<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=2AC8AD2E0045C562F82201F2D2D5EF00644A1057' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=2AC8AD2E0045C562F82201F2D2D5EF00644A1057</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=85024411eb812bcae7ae19f6b1d5ae28' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=85024411eb812bcae7ae19f6b1d5ae28</a> so das waren alle... hoffentlich bekomm ich die wieder runter.. danke euch |
|
09.12.2008, 17:31
| #11 |
| | mal wieder TR/Vundo.gen mbr: Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK malicious code @ sector 0x12a14c00 size 0x1ca ! copy of MBR has been found in sector 62 ! |
|
09.12.2008, 18:15
| #12 | |
| | mal wieder TR/Vundo.gen Ja, ich habs befürchtet. Spar deine Zeit. Zitat:
http://www.trojaner-board.de/51262-a...sicherung.html ciao, andreas Geändert von john.doe (09.12.2008 um 19:09 Uhr) |
|
09.12.2008, 20:06
| #13 |
| | mal wieder TR/Vundo.gen 12/09/08 17:34:03 [Info]: BlackLight Engine 2.2.1092 initialized 12/09/08 17:34:03 [Info]: OS: 5.1 build 2600 (Service Pack 2) 12/09/08 17:34:04 [Note]: 7019 4 12/09/08 17:34:04 [Note]: 7005 0 12/09/08 17:34:17 [Note]: 7006 0 12/09/08 17:34:17 [Note]: 7011 176 12/09/08 17:34:17 [Note]: 7035 0 12/09/08 17:34:17 [Note]: 7026 0 12/09/08 17:34:17 [Note]: 7026 0 12/09/08 17:34:19 [Note]: FSRAW library version 1.7.1024 12/09/08 17:43:41 [Note]: 7007 0 |
|
09.12.2008, 20:08
| #14 |
| | mal wieder TR/Vundo.gen Malwarebytes' Anti-Malware 1.28 Datenbank Version: 1227 Windows 5.1.2600 Service Pack 2 09.12.2008 19:12:46 mbam-log-2008-12-09 (19-12-46).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 156271 Laufzeit: 49 minute(s), 24 second(s) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 4 Infizierte Registrierungsschlüssel: 25 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 5 Infizierte Dateien: 21 Infizierte Speicherprozesse: C:\WINDOWS\bGlsYWx1bWJi\command.exe (Adware.CommAd) -> Failed to unload process. C:\Programme\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Unloaded process successfully. Infizierte Speichermodule: C:\WINDOWS\system32\khfGaaWq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\bGlsYWx1bWJi\asappsrv.dll (Adware.CommAd) -> Delete on reboot. C:\WINDOWS\system32\ddcCTJdA.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\uhcmug.dll (Trojan.Vundo.H) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68d87f49-656e-4544-85fc-490191bb3f84} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{68d87f49-656e-4544-85fc-490191bb3f84} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcctjda (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9460900-feee-4c06-8441-2ecb21bfcf35} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{d9460900-feee-4c06-8441-2ecb21bfcf35} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (Adware.CommAd) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice (Adware.CommAd) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (Adware.CommAd) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68e92b16 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfgaawq -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfgaawq -> Delete on reboot. Infizierte Verzeichnisse: C:\Programme\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Programme\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\lilalumbb\Anwendungsdaten\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\lilalumbb\Anwendungsdaten\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully. Infizierte Dateien: C:\WINDOWS\system32\uhcmug.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\ddcCTJdA.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\khfGaaWq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\qWaaGfhk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qWaaGfhk.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dlujitum.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mutijuld.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\bGlsYWx1bWJi\asappsrv.dll (Adware.CommAd) -> Delete on reboot. C:\WINDOWS\bGlsYWx1bWJi\command.exe (Adware.CommAd) -> Delete on reboot. C:\Programme\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gxregxcp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tuvWnkHX.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wvUmmLfC.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\AT\MTK63G.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\lilalumbb\Anwendungsdaten\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\WINDOWS\system32\prunnet.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully. |
|
09.12.2008, 20:10
| #15 | |
| | mal wieder TR/Vundo.genZitat:
|
|
| Themen zu mal wieder TR/Vundo.gen |
| antivir, antivirus, avgnt, avgnt.exe, avira, avp, avp.exe, bho, desktop, einstellungen, firefox, gainward, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, internet security, kaspersky, mein log, mozilla, rundll, schutz, security, software, stick, system, toolbars, tr/vundo.gen, virus, windows, windows xp |
