Pests of all kinds and their removal: Trojan.Agent and Backdoor.bot (Windows 7)
#26

Trojan.Agent and Backdoor.bot

Code:
File rsaenh.dll received 2010.02.04 09:11:36 (UTC)

Antivirus          Version        Last update   Result
a-squared          4.5.0.50       2010.02.02    -
AhnLab-V3          5.0.0.2        2010.02.01    -
AntiVir            7.9.1.156      2010.02.02    -
Antiy-AVL          2.0.3.7        2010.02.02    -
Authentium         5.2.0.5        2010.02.02    -
Avast              4.8.1351.0     2010.02.02    -
AVG                9.0.0.730      2010.02.01    -
BitDefender        7.2            2010.02.02    -
CAT-QuickHeal      10.00          2010.02.02    -
ClamAV             0.96.0.0-git   2010.02.02    -
Comodo             3790           2010.02.02    -
DrWeb              5.0.1.12222    2010.02.02    -
eSafe              7.0.17.0       2010.02.02    -
eTrust-Vet         35.2.7276      2010.02.02    -
F-Prot             4.5.1.85       2010.02.01    -
F-Secure           9.0.15370.0    2010.02.02    -
Fortinet           4.0.14.0       2010.02.02    -
GData              19             2010.02.02    -
Ikarus             T3.1.1.80.0    2010.02.02    -
Jiangmin           13.0.900       2010.02.02    -
K7AntiVirus        7.10.962       2010.02.01    -
Kaspersky          7.0.0.125      2010.02.02    -
McAfee             5879           2010.02.01    -
McAfee+Artemis     5879           2010.02.01    -
McAfee-GW-Edition  6.8.5          2010.02.02    -
Microsoft          1.5406         2010.02.02    -
NOD32              4827           2010.02.02    -
Norman             6.04.03        2010.02.02    -
nProtect           2009.1.8.0     2010.02.02    -
Panda              10.0.2.2       2010.02.01    -
PCTools            7.0.3.5        2010.02.02    -
Prevx              3.0            2010.02.04    -
Rising             22.33.01.04    2010.02.02    -
Sophos             4.50.0         2010.02.02    -
Sunbelt            3.2.1858.2     2010.02.02    -
TheHacker          6.5.1.0.176    2010.02.02    -
TrendMicro         9.120.0.1004   2010.02.02    -
VBA32              3.12.12.1      2010.02.01    -
ViRobot            2010.2.2.2168  2010.02.02    -
VirusBuster        5.0.21.0       2010.02.01    -

Additional information
File size: 242744 bytes
MD5   : 5178d99b1cbd1c9d310904417e2c5a11
SHA1  : 6047e76e050dcd6dc0f14bd19014488f967288e2
SHA256: fee095c528775c6930e6581b20ea1df7aab535f107f9b6d415d354511d308667

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12FD
timedatestamp.....: 0x4791A754 (Sat Jan 19 08:31:32 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x339F7  0x33A00  6.95   2fd029242fa69c680f20f1f556d0eee8
.data   0x35000  0x2AA8   0x2C00   3.85   4fc61ca20d5400590fbb9bd299e70139
.rsrc   0x38000  0xC60    0xE00    2.98   98a8d5b218acaf388e831e860598eee6
.reloc  0x39000  0x130C   0x1400   6.56   3c46ca69260d31450d59e4764e823076

( 4 imports )
> advapi32.dll: GetNamedSecurityInfoW, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, SetNamedSecurityInfoW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorControl, GetSecurityDescriptorLength, MakeSelfRelativeSD, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, GetAclInformation, GetAce, ImpersonateSelf, AdjustTokenPrivileges, RevertToSelf, RegEnumKeyA, SystemFunction040, GetTokenInformation, OpenThreadToken, OpenProcessToken, FreeSid, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, EqualSid, GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority, IsValidSid, PrivilegeCheck, LookupPrivilegeValueA, RegOpenKeyExW, RegDeleteKeyW, RegCreateKeyExA, RegSetValueExA, GetUserNameA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, RegGetKeySecurity, RegCloseKey, RegQueryValueExA, SystemFunction036, RegDeleteValueA, A_SHAInit, A_SHAUpdate, A_SHAFinal, MD5Init, MD5Update, MD5Final, SystemFunction041
> kernel32.dll: SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, Sleep, InterlockedExchange, InterlockedCompareExchange, HeapAlloc, GetProcessHeap, HeapFree, TlsAlloc, TlsFree, DelayLoadFailureHook, RtlMoveMemory, LocalAlloc, GetCurrentThread, CloseHandle, HeapReAlloc, MultiByteToWideChar, GetVersionExA, CreateFileW, WriteFile, GetFileSize, MoveFileExW, GetTempFileNameW, GetTempPathW, DeleteFileW, FindNextFileW, FindFirstFileExW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, WideCharToMultiByte, LoadLibraryExA, LoadStringBaseExW, GetSystemDirectoryW, RemoveDirectoryW, ReadFile, VirtualProtect, VirtualAlloc, GetModuleHandleW, GetSystemInfo, VirtualQuery, GetVersion, DeleteCriticalSection, CompareStringA, lstrcmpA, InitializeCriticalSection, LoadLibraryA, GetProcAddress, FreeLibrary, LocalFree, lstrlenW, RaiseException, TlsGetValue, TlsSetValue, EnterCriticalSection, LeaveCriticalSection, lstrlenA, FindClose, SetLastError, GetLastError
> msvcrt.dll: memcpy, strcpy_s, _strlwr, strcat_s, wcscpy_s, _XcptFilter, malloc, free, wcscat_s, wcsncpy_s, swprintf_s, sprintf_s, _vsnwprintf, memset, _except_handler4_common, _adjust_fdiv, _amsg_exit, _initterm
> ntdll.dll: RtlNtStatusToDosError, NtClose, RtlFreeHeap, RtlReleaseRelativeName, NtCreateFile, RtlDosPathNameToRelativeNtPathName_U, RtlAllocateHeap, RtlImageNtHeader

( 1 exports )
> CPAcquireContext, CPCreateHash, CPDecrypt, CPDeriveKey, CPDestroyHash, CPDestroyKey, CPDuplicateHash, CPDuplicateKey, CPEncrypt, CPExportKey, CPGenKey, CPGenRandom, CPGetHashParam, CPGetKeyParam, CPGetProvParam, CPGetUserKey, CPHashData, CPHashSessionKey, CPImportKey, CPReleaseContext, CPSetHashParam, CPSetKeyParam, CPSetProvParam, CPSignHash, CPVerifySignature, DllRegisterServer, DllUnregisterServer

TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ssdeep: 6144:2ySqqDCJOPqqDLUR7ddWeznDAgOif7CqqJ2PWD39eVuQ9Ql:2ynqW4SqnG7zDznDAg7f7Cq4D39eV1S
PEiD : -
RDS : NSRL Reference Data Set
-

Code:
File slc.dll received 2009.08.02 15:11:36 (UTC)

Antivirus          Version        Last update   Result
a-squared          4.5.0.24       2009.08.02    -
AhnLab-V3          5.0.0.2        2009.08.01    -
AntiVir            7.9.0.238      2009.07.31    -
Antiy-AVL          2.0.3.7        2009.07.31    -
Authentium         5.1.2.4        2009.08.02    -
Avast              4.8.1335.0     2009.08.01    -
AVG                8.5.0.406      2009.08.02    -
BitDefender        7.2            2009.08.02    -
CAT-QuickHeal      10.00          2009.07.30    -
ClamAV             0.94.1         2009.08.02    -
Comodo             1839           2009.08.02    -
DrWeb              5.0.0.12182    2009.08.02    -
eSafe              7.0.17.0       2009.07.30    -
eTrust-Vet         31.6.6650      2009.08.01    -
F-Prot             4.4.4.56       2009.08.02    -
F-Secure           8.0.14470.0    2009.08.01    -
Fortinet           3.120.0.0      2009.08.02    -
GData              19             2009.08.02    -
Ikarus             T3.1.1.64.0    2009.08.02    -
Jiangmin           11.0.800       2009.08.02    -
K7AntiVirus        7.10.808       2009.08.01    -
Kaspersky          7.0.0.125      2009.08.02    -
McAfee             5695           2009.08.01    -
McAfee+Artemis     5695           2009.08.01    -
McAfee-GW-Edition  6.8.5          2009.08.02    -
Microsoft          1.4903         2009.08.02    -
NOD32              4299           2009.08.02    -
Norman             6.01.09        2009.07.31    -
nProtect           2009.1.8.0     2009.08.02    -
Panda              10.0.0.14      2009.08.02    -
PCTools            4.4.2.0        2009.08.02    -
Prevx              3.0            2009.08.02    -
Rising             21.40.62.00    2009.08.02    -
Sophos             4.44.0         2009.08.02    -
Sunbelt            3.2.1858.2     2009.08.02    -
Symantec           1.4.4.12       2009.08.02    -
TheHacker          6.3.4.3.375    2009.08.01    -
TrendMicro         8.950.0.1094   2009.07.31    -
VBA32              3.12.10.9      2009.08.02    -
ViRobot            2009.7.31.1863 2009.07.31    -
VirusBuster        4.6.5.0        2009.08.02    -

Additional information
File size: 225792 bytes
MD5   : c0d487fd64092792b47e80a0ff27e5c6
SHA1  : 061f68e1b736098350a796dc55202ed723aa2d0a
SHA256: 9ffde97f66bf2ece90f5998f6b3cc1990d16fe426ab7ba620752f2963d328a10

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2C0E8
timedatestamp.....: 0x4791A73F (Sat Jan 19 08:31:11 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x3207E  0x32200  6.21   847e086487584e96dd9d7a8deede5911
.data   0x34000  0x1981   0x1A00   1.03   89dfd1a8f99b82e31b2b26205b238090
.rsrc   0x36000  0x528    0x600    2.98   112fa405ae307c12ef7ab6c9e758ab2e
.reloc  0x37000  0x2A04   0x2C00   6.71   46587f63f5144af09281e8e2a9850c27

( 5 imports )
> advapi32.dll: RegisterEventSourceW, ReportEventW, DeregisterEventSource, CloseServiceHandle, RegOpenKeyExW, NotifyServiceStatusChangeW, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, FreeSid, RegCloseKey, AllocateAndInitializeSid
> kernel32.dll: GlobalMemoryStatusEx, ExitProcess, VirtualAlloc, VirtualFree, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetVersion, VirtualProtect, SetLastError, DisableThreadLibraryCalls, LocalAlloc, LocalFree, FreeLibrary, SleepEx, GetLastError, GetCurrentProcess, GetProcAddress, LoadLibraryW, GetProductInfo, GetVersionExW, InterlockedExchange, Sleep, InterlockedCompareExchange, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter
> msvcrt.dll: memset, memcpy, memmove, _except_handler4_common, _adjust_fdiv, _amsg_exit, _initterm, free, malloc, _XcptFilter, _wcsnicmp, wcschr, _vsnwprintf
> ntdll.dll: RtlInitUnicodeString, NtQueryLicenseValue
> rpcrt4.dll: I_RpcExceptionFilter, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFree, I_RpcMapWin32Status, NdrClientCall2

( 1 exports )
> SLClose, SLConsumeRight, SLConsumeWindowsRight, SLDepositOfflineConfirmationId, SLFireEvent, SLGenerateOfflineInstallationId, SLGetGenuineInformation, SLGetInstalledProductKeyIds, SLGetInstalledSAMLicenseApplications, SLGetLicense, SLGetLicenseFileId, SLGetLicenseInformation, SLGetLicensingStatusInformation, SLGetPKeyId, SLGetPKeyInformation, SLGetPolicyInformation, SLGetPolicyInformationDWORD, SLGetProductSkuInformation, SLGetSAMLicense, SLGetSLIDList, SLGetServiceInformation, SLGetWindowsInformation, SLGetWindowsInformationDWORD, SLInstallLicense, SLInstallProofOfPurchase, SLInstallSAMLicense, SLOpen, SLReArmWindows, SLRegisterEvent, SLRegisterWindowsEvent, SLSetCurrentProductKey, SLSetGenuineInformation, SLUninstallLicense, SLUninstallProofOfPurchase, SLUninstallSAMLicense, SLUnregisterEvent, SLUnregisterWindowsEvent, SLpAuthenticateGenuineTicketResponse, SLpBeginGenuineTicketTransaction, SLpCheckProductKey, SLpGetGenuineBlob, SLpGetGenuineLocal, SLpGetLicenseAcquisitionInfo, SLpGetMachineUGUID, SLpVLActivateProduct

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 3072:U6M1Sfc9ewrq7LpvqvnTvKxKS+JfowMsSV0305sLgI:UB1ZewaEnTgaJfowiV0Ng
PEiD : -
RDS : NSRL Reference Data Set
-

The PC again did not get through GMER.

Last edited by Sandy77 (04.02.2010, 13:25)