| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "TR/Crypt.XPACK.Gen" Virustotal ErgebnisseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.05.2008, 13:53
| #1 |
| |  "TR/Crypt.XPACK.Gen" Virustotal Ergebnisse Habe ein Problem mit einen Trojaner "TR/Crypt.XPACK.Gen" habe meinen Log schon eingesendet und auf empfehlung habe ich 2 Dateien über Virustotal getestet: C:\Temp\nEzts0230.exe Ergebnis: 17/32 (53.13%) Antivirus Version letzte aktualisierung Ergebnis AhnLab-V3 2008.5.20.0 2008.05.21 - AntiVir 7.8.0.19 2008.05.21 - Authentium 5.1.0.4 2008.05.21 - Avast 4.8.1195.0 2008.05.21 Win32:Trojano-2873 AVG 7.5.0.516 2008.05.21 - BitDefender 7.2 2008.05.21 Dropped:Trojan.Downloader.Small.BUY CAT-QuickHeal 9.50 2008.05.19 - ClamAV 0.92.1 2008.05.21 Trojan.Downloader-2966 DrWeb 4.44.0.09170 2008.05.21 Trojan.DownLoader.5013 eSafe 7.0.15.0 2008.05.20 Win32.Small.buy eTrust-Vet 31.4.5808 2008.05.21 - Ewido 4.0 2008.05.21 - F-Prot 4.4.2.54 2008.05.16 - F-Secure 6.70.13260.0 2008.05.21 Trojan.NSIS.StartPage.c Fortinet 3.14.0.0 2008.05.21 - GData 2.0.7306.1023 2008.05.21 Trojan-Downloader.Win32.Small.buy Ikarus T3.1.1.26.0 2008.05.21 Virus.Win32.AdWare Kaspersky 7.0.0.125 2008.05.21 Trojan-Downloader.Win32.Small.buy McAfee 5299 2008.05.20 - Microsoft 1.3520 2008.05.21 Adware:Win32/Isearch.B NOD32v2 3116 2008.05.21 Win32/TrojanDownloader.Small.BUY Norman 5.80.02 2008.05.20 W32/DLoader.MXM.dropper Panda 9.0.0.4 2008.05.21 Spyware/7r7t Prevx1 V2 2008.05.21 - Rising 20.45.12.00 2008.05.21 Trojan.DL.Adservs Sophos 4.29.0 2008.05.21 CommAd Installer Sunbelt 3.0.1123.1 2008.05.17 - Symantec 10 2008.05.21 - TheHacker 6.2.92.314 2008.05.20 Trojan/Downloader.VB.dht VBA32 3.12.6.6 2008.05.20 AdWare.Win32.ZenoSearch.bg VirusBuster 4.3.26:9 2008.05.20 - Webwasher-Gateway 6.6.2 2008.05.21 - weitere Informationen File size: 371553 bytes MD5...: 90eb9d37cdf10d957fd049cd242156bc SHA1..: 2e2f728f8080804b6111622663e6b85b7629461f SHA256: 4dd5f8ecaa5e2b2b0bb3b62ac28d67c99f648c91f0fa002cd9992f7c80b8752b SHA512: 3fea0679a39b0d8d5f9e392de6f7d707f7bd716e1bcb00d7cf35c0841844dfc2 26381eacd101698c8284f987f3edcee0cee5d4b7c88d2c8f5ececb384721d768 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40402d timedatestamp.....: 0x423c2fea (Sat Mar 19 13:58:02 2005) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x5b32 0x5c00 6.46 76b0480223a9390fe6cd24cc4494344f .rdata 0x7000 0x11c0 0x1200 5.22 3fcd3bcc4cb3a731007cea57c7f76fc3 .data 0x9000 0x260d4 0x400 5.20 47c5eb8732ddd1263c5187f46b0ec7d9 .ndata 0x30000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rsrc 0x38000 0x1000 0x800 2.92 1df771fe74d8a0d48e1d71b2275eb81f ( 8 imports ) > COMCTL32.dll: -, ImageList_AddMasked, ImageList_Destroy, ImageList_Create > KERNEL32.dll: ExpandEnvironmentStringsA, GetEnvironmentVariableA, lstrcmpiA, CloseHandle, SetFileTime, GetFileAttributesA, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, lstrcatA, SetCurrentDirectoryA, CreateDirectoryA, SetFileAttributesA, Sleep, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, CopyFileA, ExitProcess, lstrcpynA, GlobalFree, GetWindowsDirectoryA, GetTempPathA, GetUserDefaultLangID, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, GlobalAlloc, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, lstrcpyA, lstrlenA, GetSystemDirectoryA, MulDiv, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, ReadFile, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, GetCommandLineA > USER32.dll: ExitWindowsEx, CharNextA, DialogBoxParamA, GetClassInfoA, CreateWindowExA, SystemParametersInfoA, RegisterClassA, EndDialog, ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, LoadCursorA, SetCursor, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, DispatchMessageA, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, PeekMessageA > GDI32.dll: GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SetBkColor, SelectObject > ADVAPI32.dll: RegEnumValueA, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegEnumKeyA > SHELL32.dll: ShellExecuteA, SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc, SHGetSpecialFolderLocation, SHFileOperationA > ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance > VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA ( 0 exports ) Norman Sandbox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * Creating several executable files on hard-drive. * Application uses MFC.DLL. * File length: 371553 bytes. [ Changes to filesystem ] * Creates directory C:\WINDOWS\TEMP\. * Creates file C:\WINDOWS\TEMP\nsr8199.tmp. * Deletes file C:\WINDOWS\TEMP\nsr8199.tmp. * Creates directory C:\WINDOWS\SYSTEM32\rDA. * Creates file C:\WINDOWS\SYSTEM32\rDA\dBparsdll.exe. * Creates directory C:\WINDOWS\SYSTEM32\dbW. * Creates file C:\WINDOWS\SYSTEM32\dbW\trazcom06.exe. * Creates directory C:\WINDOWS\SYSTEM32\3056v. * Creates file C:\WINDOWS\SYSTEM32\3056v\Wvram13.exe. * Creates directory C:\WINDOWS\SYSTEM32\emL1. * Creates file C:\WINDOWS\SYSTEM32\emL1\roEbdll2.exe. [ Process/window information ] * Creates process \"dBparsdll.exe\". * Creates process \"trazcom06.exe\". * Creates process \"Wvram13.exe\". [ Signature Scanning ] * C:\WINDOWS\SYSTEM32\rDA\dBparsdll.exe (25105 bytes) : W32/DLoader.MXM. packers (Kaspersky): UPX, PE_Patch.Upolyx, PE_Patch.UPX, UPX, Swf2Swc, Swf2Swc C:\WINDOWS\system32\hgGaaaYP.dll Ergebnis: 16/32 (50.00%) AhnLab-V3 2008.5.16.0 2008.05.16 - AntiVir 7.8.0.19 2008.05.18 TR/Crypt.XPACK.Gen Authentium 5.1.0.4 2008.05.18 - Avast 4.8.1195.0 2008.05.18 - AVG 7.5.0.516 2008.05.18 Generic10.YAY BitDefender 7.2 2008.05.18 - CAT-QuickHeal 9.50 2008.05.17 - ClamAV 0.92.1 2008.05.19 - DrWeb 4.44.0.09170 2008.05.17 Trojan.Packed.142 eSafe 7.0.15.0 2008.05.18 - eTrust-Vet 31.4.5796 2008.05.16 Win32/Vundo.YT Ewido 4.0 2008.05.18 - F-Prot 4.4.2.54 2008.05.14 - F-Secure 6.70.13260.0 2008.05.18 Vundo.gen179 Fortinet 3.14.0.0 2008.05.18 Virtum!tr GData 2.0.7306.1023 2008.05.18 - Ikarus T3.1.1.26.0 2008.05.19 Trojan.Win32.Vundo.AF Kaspersky 7.0.0.125 2008.05.19 - McAfee 5297 2008.05.17 Vundo Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF NOD32v2 3107 2008.05.18 - Norman 5.80.02 2008.05.16 Vundo.gen179 Panda 9.0.0.4 2008.05.18 Spyware/Virtumonde Prevx1 V2 2008.05.19 Prevx Database Unreachable Rising 20.44.62.00 2008.05.18 - Sophos 4.29.0 2008.05.19 Troj/Virtum-Gen Sunbelt 3.0.1123.1 2008.05.17 - Symantec 10 2008.05.18 Trojan.Vundo TheHacker 6.2.92.312 2008.05.18 - VBA32 3.12.6.6 2008.05.18 Trojan.Packed.142 VirusBuster 4.3.26:9 2008.05.18 - Webwasher-Gateway 6.6.2 2008.05.18 Trojan.Crypt.XPACK.Gen weitere Informationen File size: 52736 bytes MD5...: 0e3535045706da1af690a904e5325a01 SHA1..: 195e95ce749221786bbc91dddfca810abf3c2698 SHA256: 44f47c465a4328018bb588b584bfc5a043cffd6d80be175c482e62b4555ace53 SHA512: 0161d29cc9a002d46bb97acfea0c5e43ffda3a13b0e4dc53ae56afcecaf0ec8f 8dc9efe78a11618b898d6473f91d34e2777874b53f1e101cfbce9542b66bfb5a PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x100011c9 timedatestamp.....: 0x478a2fee (Sun Jan 13 15:36:14 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x706a 0x7200 7.33 10d62896fcf167c4950190a06c5f5baf .rdata 0x9000 0x40a2 0x4200 7.85 68cc32453533a2ee4d2f7aff467c2fad .data 0xe000 0x2695 0x1600 7.46 e6dccc59b41fefb31150274dcda80e92 ( 2 imports ) > user32.dll: DispatchMessageA, DrawCaption, DrawMenuBar, DestroyCursor, EnableScrollBar, EndPaint, DestroyCaret, CreateIcon, CreateDialogParamA, CreateDialogIndirectParamA, CreateDesktopW, CharUpperBuffA, CharToOemBuffA, CharToOemA, CharNextA, ChangeMenuA, DrawStateA, ActivateKeyboardLayout > kernel32.dll: lstrcatA, RtlUnwind, ReadFile, RaiseException, OpenFileMappingA, GetVersionExA, GetSystemTime, GetLastError, EnumResourceTypesA, EnumResourceNamesA, lstrcpyA ( 0 exports ) |
|
22.05.2008, 09:27
| #2 |
| /// TB-Ausbilder     | "TR/Crypt.XPACK.Gen" Virustotal Ergebnisse Hi,
__________________erstelle bitte ein Log mit HijackThis und Malwarebytes (lass alle gefundenen Einträge löschen) Erstelle danach bitte noch ein Log mit DSS
lg myrtille
__________________ |
|
| Themen zu "TR/Crypt.XPACK.Gen" Virustotal Ergebnisse |
| .dll, 2.0.7, analysis, application, bytes, c:\windows, c:\windows\temp, dateien, defender, empfehlung, encrypt, generic, gesendet, log, please, problem, scan, screen, shell, shell32.dll, swf2swc, system32, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojan.vundo, trojaner, version, virus, virustotal, vundo.gen, win, win32, windows\temp |
