Quote from sunda
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.02 Trojan-Spy.Win32.Ursnif!IK
AhnLab-V3 5.0.0.2 2010.03.02 -
AntiVir 8.2.1.176 2010.03.02 TR/Agent.35328
Antiy-AVL 2.0.3.7 2010.03.02 Backdoor/Win32.Papras
Authentium 5.2.0.5 2010.03.02 W32/Heuristic-KPP!Eldorado
Avast 4.8.1351.0 2010.03.02 Win32:Malware-gen
Avast5 5.0.332.0 2010.03.02 Win32:Malware-gen
AVG 9.0.0.730 2010.03.02 BackDoor.Generic12.ALRO
BitDefender 7.2 2010.03.02 Trojan.Generic.3259128
CAT-QuickHeal 10.00 2010.03.02 Backdoor.Papras.ay
ClamAV 0.96.0.0-git 2010.03.02 Trojan.PWS.Papras-1
Comodo 4091 2010.02.28 Backdoor.Win32.Papras.ay
DrWeb 5.0.1.12222 2010.03.02 BACKDOOR.Trojan
eSafe 7.0.17.0 2010.03.01 Win32.TRAgent
eTrust-Vet 35.2.7335 2010.03.02 Win32/Ursnif.IG
F-Prot 4.5.1.85 2010.03.02 W32/Heuristic-KPP!Eldorado
F-Secure 9.0.15370.0 2010.03.02 Trojan-Spy:W32/Papras.gen!A
Fortinet 4.0.14.0 2010.02.28 W32/Papras.AY!tr.bdr
GData 19 2010.03.02 Trojan.Generic.3259128
Ikarus T3.1.1.80.0 2010.03.02 Trojan-Spy.Win32.Ursnif
Jiangmin 13.0.900 2010.03.02 Backdoor/Papras.m
K7AntiVirus 7.10.986 2010.03.01 Backdoor.Win32.Papras.ay
Kaspersky 7.0.0.125 2010.03.02 Backdoor.Win32.Papras.ay
McAfee 5907 2010.03.01 Generic PWS.y!cbh
McAfee+Artemis 5907 2010.03.01 Generic PWS.y!cbh
McAfee-GW-Edition 6.8.5 2010.03.02 Heuristic.LooksLike.Trojan.Agent.H
Microsoft 1.5502 2010.03.02 TrojanSpy:Win32/Ursnif.gen!I
NOD32 4908 2010.03.02 a variant of Win32/PSW.Papras.AW
Norman 6.04.08 2010.03.01 -
nProtect 2009.1.8.0 2010.03.02 Backdoor/W32.Papras.35328.K
Panda 10.0.2.2 2010.03.01 Generic Trojan
PCTools 7.0.3.5 2010.03.02 Backdoor.Trojan
Prevx 3.0 2010.03.02 High Risk System Back Door
Rising 22.37.01.04 2010.03.02 -
Sophos 4.50.0 2010.03.02 Mal/Generic-L
Sunbelt 5716 2010.03.01 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.03.02 Backdoor.Trojan
TheHacker 6.5.1.7.218 2010.03.02 Backdoor/Papras.ay
TrendMicro 9.120.0.1004 2010.03.02 -
VBA32 3.12.12.2 2010.03.02 Backdoor.Win32.Papras.ay
ViRobot 2010.3.2.2208 2010.03.02 -
VirusBuster 5.0.27.0 2010.03.02 -
Additional information
File size: 35328 bytes
MD5...: eb6ecc316e1691e51451b539a36b85fe
SHA1..: 0689573aa2ba59b6b7255726aee46f43ab3533c9
SHA256: 4148f657fce5b752719ed8a1f59027a5489129bafc30645ba94a67a99fd43f40
ssdeep: 768:rj1COhI+BShUPFuJtoWvedX+CtxvqN4574n2:1pIiRWto0e8qxSh2
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x12d8
timedatestamp.....: 0x4b7fd55f (Sat Feb 20 12:28:15 2010)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5d70 0x5e00 6.29 0a37af733b3cee5b2dffcc479d365393
.rdata 0x7000 0x16e9 0x1800 5.06 211894e0d55a9d605e6e56c3c3348ab2
.data 0x9000 0x578 0x400 2.93 d366260d82a03ea9eecaeeaf113592c5
.reloc 0xa000 0xb3e 0xc00 5.83 de1b7b1d918afb600de7754b9b047417
( 5 imports )
> ntdll.dll: memset, ZwOpenProcess, ZwClose, ZwQueryInformationToken, memcmp, memcpy, ZwOpenProcessToken, RtlUnwind, NtQueryVirtualMemory
> SHLWAPI.dll: StrChrA, StrStrIW, StrRChrA, StrStrIA
> KERNEL32.dll: CloseHandle, LocalFree, ResumeThread, CreateThread, SetEvent, HeapDestroy, HeapCreate, lstrlenA, HeapAlloc, SetWaitableTimer, HeapFree, LeaveCriticalSection, lstrcatA, FindFirstFileA, lstrcmpiA, RemoveDirectoryA, EnterCriticalSection, LocalAlloc, WaitForMultipleObjects, FindNextFileA, CreateMutexA, ReleaseMutex, CreateWaitableTimerA, DeleteFileA, lstrcpyA, GetModuleHandleA, CreateFileA, lstrcpynA, GlobalLock, WriteFile, lstrlenW, GlobalUnlock, lstrcpyW, LoadLibraryExW, SetLastError, lstrcmpW, HeapReAlloc, WaitForSingleObject, OpenProcess, CreateEventA, Process32First, GetProcAddress, ResetEvent, Process32Next, CreateToolhelp32Snapshot, GetCurrentProcessId, GetTempPathA, FreeLibrary, InterlockedExchange, LoadLibraryA, RaiseException, GetLastError, CreateProcessA, Sleep, GetCurrentProcess, CreateProcessW, VirtualAllocEx, GetModuleFileNameA, WriteProcessMemory, VirtualProtect, SwitchToThread, TerminateThread, InitializeCriticalSection, CreateRemoteThread, GetVersion, GetTickCount
> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, AdjustTokenPrivileges, RegDeleteValueA, LookupPrivilegeValueA, RegDeleteKeyA, OpenProcessToken, RegEnumValueA, RegCloseKey, RegOpenKeyA, RegCreateKeyA, RegQueryValueExA, RegSetValueExA, CreateProcessAsUserW, CreateProcessAsUserA
> PSAPI.DLL: GetModuleFileNameExA, EnumProcessModules
( 2 exports )
CreateProcessNotify, DllEntryPoint
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
http://info.prevx.com/aboutprogramtext.asp?PX5=43BCC63B00B838D28A60005880949D003C8E7E30
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned