Trojaner-Board

Log Analysis and Evaluation > Trojan: Crypt.XPACK.Gen (https://www.trojaner-board.de/61984-trojaner-crypt-xpack-gen.html)

m1sstake 13.10.2008 15:52

Trojan: Crypt.XPACK.Gen
 
Hello,

I have Windows XP Home SP3, Mozilla Firefox and Avira AntiVir.

Two days ago I scanned an old hard drive and several files were reported as containing trojans; I moved them straight to quarantine. I thought that would be the end of it (since I never ran the files).
Last night, however, AntiVir reported this trojan again: Crypt.XPACK.Gen
A virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan] was found in the file
'F:\System Volume Information\_restore{FFFF67A7-CF77-4E0D-8CD8-51F54D49E477}\RP219\A0025985.dll'.

Then I ran a full system scan with AntiVir and the trojan was also found on another partition:
The file 'G:\System Volume Information\_restore{FFFF67A7-CF77-4E0D-8CD8-51F54D49E477}\RP219\A0025979.dll'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan].

My HijackThis log is clean, at least according to the automatic log analysis.

Code:

Logfile of HijackThis v1.99.1
Scan saved at 3:37:25 PM, on 10/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\abit\abit uGuru\AirPaceWifi.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programme\MagicRotation\MagicPvt.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe
F:\INSTALLPROGZ\SpyBot, Adaware, HiJackThis, VX2cleaner\HJT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [AirPaceWifi] "C:\Programme\abit\abit uGuru\AirPaceWifi.exe" -nogui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Programme\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\POKER\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Programme\POKER\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\POKER\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\POKER\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217628192008
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D76571A-52B3-477F-9C0B-6BF77326BE79}: NameServer = 62.72.64.237,62.72.64.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{F322EAC2-1940-4826-8208-00929DE411A6}: NameServer = 62.72.64.237,62.72.64.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3C84803-B1B9-422C-A9AD-F5AFE2893124}: NameServer = 62.72.64.237,62.72.64.241
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe

Doesn't System Volume Information have something to do with automatic System Restore? Could I perhaps get rid of the trojan that way?
Or would this work too:
About a week ago I made a backup of my system partition. Could I restore it now, and the trojan would be gone? Or could it be that, since the trojan is on a different partition, it would still be there?
I've read that the trojan could also just be a false report. How would I tell?


Thanks in advance + best regards, m1sty
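The poster's question is whether the two hits are "live" files or copies that System Restore made. As an added example (not from the thread or from Avira), this Python parser takes Avira detection messages like the two quoted above, pulls out the path and threat name, and recognises Windows XP System Restore snapshot copies by their `<drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>` layout. The first two sample lines are the English rendering of the posted messages; the third, a hit under C:\WINDOWS\system32, is constructed and only there to exercise the other branch.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The two Avira messages quoted above, in their English rendering, plus one
# constructed line (a detection under C:\WINDOWS\system32) that is not from the
# thread and only exists to exercise the "live file" branch.
SAMPLE_DETECTIONS = [
    r"The file 'F:\System Volume Information\_restore{FFFF67A7-CF77-4E0D-8CD8-51F54D49E477}\RP219\A0025985.dll' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan].",
    r"The file 'G:\System Volume Information\_restore{FFFF67A7-CF77-4E0D-8CD8-51F54D49E477}\RP219\A0025979.dll' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan].",
    r"The file 'C:\WINDOWS\system32\example.dll' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan].",
]

# Message shape: ... 'PATH' ... 'THREAT NAME' [category]
DETECTION_RE = re.compile(r"'(?P<path>[^']+)'.*?'(?P<name>[^']+)'\s*\[(?P<category>[^\]]+)\]")

# Windows XP System Restore keeps snapshot copies of changed files under
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
# where RP<n> is the restore point and A<digits> the renamed original.
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}"
    r"\\RP(?P<rp>\d+)\\A(?P<seq>\d+)\.(?P<ext>\w+)$",
    re.IGNORECASE,
)


@dataclass
class Detection:
    path: str
    name: str
    category: str
    drive: str
    restore_point: Optional[int]  # RP number when the hit is a System Restore copy

    @property
    def is_restore_copy(self) -> bool:
        return self.restore_point is not None

    @property
    def is_generic(self) -> bool:
        # Avira's ".Gen" suffix marks a generic (heuristic/packer) signature,
        # not a signature written for one specific sample.
        return self.name.endswith(".Gen")


def parse_detection(line: str) -> Optional[Detection]:
    m = DETECTION_RE.search(line)
    if not m:
        return None
    path = m.group("path")
    r = RESTORE_RE.match(path)
    return Detection(
        path=path,
        name=m.group("name"),
        category=m.group("category"),
        drive=path[0].upper(),
        restore_point=int(r.group("rp")) if r else None,
    )


def summarize(lines) -> Tuple[List[Detection], List[Detection]]:
    """Split detections into System Restore snapshot copies and live files.
    A snapshot copy sits on no autostart path and only comes back if that
    restore point is applied; a live hit needs an actual cleanup."""
    dets = [d for d in map(parse_detection, lines) if d is not None]
    snapshot = [d for d in dets if d.is_restore_copy]
    live = [d for d in dets if not d.is_restore_copy]
    return snapshot, live


if __name__ == "__main__":
    snap, live = summarize(SAMPLE_DETECTIONS)
    for d in snap:
        print(f"{d.drive}: restore point RP{d.restore_point}: {d.name} (generic={d.is_generic})")
    for d in live:
        print(f"{d.drive}: live file {d.path}: {d.name}")
```

Both posted hits resolve to restore point RP219 on drives F: and G:, i.e. copies of files that were already quarantined; the `.Gen` suffix additionally says the signature is a generic one, which is why a second opinion (as the thread goes on to get) is reasonable.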

Tayk 13.10.2008 19:00

Where were the other trojans that weren't in System Volume Information? Your HijackThis log is clean! Delete your System Restore points to get rid of the trojans in System Volume Information, and scan with Malwarebytes Anti-Malware; post the full report, regardless of whether anything was found or not!

m1sstake 13.10.2008 20:56

Hello,

the files were on the F partition and the G partition, the same places where the trojan was then found in System Volume Information.

I've now run Malwarebytes; here is the log:

Code:

Malwarebytes' Anti-Malware 1.28
Database version: 1266
Windows 5.1.2600 Service Pack 3

10/13/2008 9:43:31 PM
mbam-log-2008-10-13 (21-43-31).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 325431
Time elapsed: 56 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Programme\Everest Poker\gvcrt.dll (Adware.Adorable casino) -> Not selected for removal.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Programme\Everest Poker\casino.exe (Adware.Adorable casino) -> Not selected for removal.
C:\Programme\Everest Poker\gvcrt.dll (Adware.Adorable casino) -> Not selected for removal.
C:\Programme\Everest Poker\gvmain.exe (Adware.Adorable casino) -> Not selected for removal.
G:\-= BIG MAMA\backUP\Poker\Everest Poker\casino.exe (Adware.Adorable casino) -> Not selected for removal.
G:\-= BIG MAMA\backUP\Poker\Everest Poker\gvcrt.dll (Adware.Adorable casino) -> Not selected for removal.
G:\-= BIG MAMA\backUP\Poker\Everest Poker\gvmain.exe (Adware.Adorable casino) -> Not selected for removal.
G:\-= BIG MAMA\__backup_altes_system\poker\Titan Poker\_SetupPoker.exe (Adware.Agent) -> Not selected for removal.
G:\IRC-Sachen\kONOSPEsCRIPTe\Konospe_Script_1.1\mirc.exe (Backdoor.Bot) -> Not selected for removal.
G:\IRC-Sachen\mIRC6.17\mirc.exe (Backdoor.Bot) -> Not selected for removal.

The Konospe script is a normal mIRC script that I downloaded from the official mIRC site and at some point renamed and modified a bit. And the others are poker programs... hm... does this mean my system is clean again? If there's still a chance it isn't, please say so :)
What about the backup copy of my system partition? If I restore it, can the trojan still be on it?

Best regards, m1sty

Tayk 13.10.2008 21:38

No, you're not clean! Upload your script to VirusTotal and post the report; then we'll take it from there!

m1sstake 13.10.2008 22:17

Okay okay :), thanks for your help so far. Here is the result for the mirc exe from the Konospe script:

Code:

AhnLab-V3        2008.10.14.0        2008.10.13        Win-Trojan/MircPack.1790464
AntiVir        7.8.1.34        2008.10.13        -
Authentium        5.1.0.4        2008.10.13        W32/Renamed_mIRC.gen!Eldorado
Avast        4.8.1248.0        2008.10.12        -
AVG        8.0.0.161        2008.10.13        -
BitDefender        7.2        2008.10.13        Backdoor.IRC.ZFZ
CAT-QuickHeal        9.50        2008.10.13        Backdoor.mIRC-based
ClamAV        0.93.1        2008.10.13        -
DrWeb        4.44.0.09170        2008.10.13        -
eSafe        7.0.17.0        2008.10.12        Win32.mIRC-based
eTrust-Vet        31.6.6146        2008.10.13        -
Ewido        4.0        2008.10.13        -
F-Prot        4.4.4.56        2008.10.12        W32/Renamed_mIRC.gen!Eldorado
F-Secure        8.0.14332.0        2008.10.13        Backdoor.Win32.mIRC-based
Fortinet        3.113.0.0        2008.10.13        IRC/Client
GData        19        2008.10.13        Backdoor.IRC.ZFZ
Ikarus        T3.1.1.34.0        2008.10.13        IRC-Worm.Win32.Tedeto.a
K7AntiVirus        7.10.492        2008.10.13        Non-Virus:Client-IRC.Win32.mIRC.603
Kaspersky        7.0.0.125        2008.10.13        Backdoor.Win32.mIRC-based
McAfee        5403        2008.10.11        potentially unwanted program IRC/Client
Microsoft        1.4005        2008.10.13        -
NOD32        3518        2008.10.13        -
Norman        5.80.02        2008.10.13        -
Panda        9.0.0.4        2008.10.13        Bck/MIRCBased.BI
PCTools        4.4.2.0        2008.10.13        Backdoor.IRCBot
Prevx1        V2        2008.10.13        Malicious Software
Rising        20.66.02.00        2008.10.13        -
SecureWeb-Gateway        6.7.6        2008.10.13        Trojan.LooksLike.PSW
Sophos        4.34.0        2008.10.13        -
Sunbelt        3.1.1719.1        2008.10.13        mIRC based
Symantec        10        2008.10.13        -
TheHacker        6.3.1.0.109        2008.10.13        Aplicacion/Riskware.mIRC.6.03
TrendMicro        8.700.0.1004        2008.10.13        -
VBA32        3.12.8.6        2008.10.13        BackDoor.IRC.based
ViRobot        2008.10.13.1417        2008.10.13        Trojan.Win32.IRCFlood.1790465
VirusBuster        4.5.11.0        2008.10.13        -
Additional information
File size: 1790464 bytes
MD5...: b766003f431cad186bd115f5761592d1
SHA1..: 33cdfe6f7fa6b321f9a51cc051c32ba924164b10
SHA256: 22bdb2606020b82349a629248b599b64235c91e8b450e355a245ef09ece57e1d
SHA512: d03cabf713c14a40588ec3d5d7c89be91a0bc2e7b472464ed058b2cce0afe58e
aaf7386ce5e6297218b3e677e290625506760ad883412b7f94c3330aa9b9f834
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library - Borland C/C++ (74.3%)
InstallShield setup (14.5%)
DOS Executable Borland C++ (4.3%)
Win32 Executable Generic (2.8%)
Win32 Dynamic Link Library (generic) (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0xa03b2d10L (invalid)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15d000 0x15c600 6.51 e7e5163d68aae3e3df1c27a467d9c177
.data 0x15e000 0x30000 0x1b400 5.07 b9e0f7d0e196e0620965ee9d6badc952
.tls 0x18e000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x18f000 0x1000 0x200 0.21 c57356aadbf85114b76bf712ff1d23dd
.idata 0x190000 0x3000 0x2e00 5.27 f646a95e2e0c7b1d873b9a6fefd7f78e
.edata 0x193000 0x1000 0x200 2.44 dc1e37693808104e52bcf5c86556308a
.rsrc 0x194000 0x3a000 0x39e00 4.44 861837d68b0def22e36e933bc752072e

( 12 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyA, RegCreateKeyExA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueA, RegSetValueA, RegSetValueExA
> KERNEL32.dll: CloseHandle, CompareFileTime, CopyFileA, CreateDirectoryA, CreateEventA, CreateFileA, CreateThread, DeleteFileA, DuplicateHandle, EnterCriticalSection, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstFileA, FindNextChangeNotification, FindNextFileA, FindResourceA, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetFileAttributesA, GetFileSize, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetShortPathNameA, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetTempPathA, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GetVolumeInformationA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatus, GlobalSize, GlobalUnlock, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, LoadResource, LocalAlloc, LocalFree, LocalReAlloc, LockResource, MapViewOfFile, MoveFileA, MoveFileExA, MulDiv, MultiByteToWideChar, OpenFile, OpenFileMappingA, QueryDosDeviceA, RaiseException, ReadFile, RemoveDirectoryA, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetErrorMode, SetEvent, SetFileAttributesA, SetFilePointer, SetHandleCount, SetStdHandle, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, UnmapViewOfFile, VirtualAlloc, VirtualFree, VirtualQuery, WaitForMultipleObjects, WideCharToMultiByte, WinExec, WriteFile, WritePrivateProfileStringA, _hread, _hwrite, _lclose, _llseek, _lopen, _lwrite, lstrcatA, lstrcmpA, lstrcpyA, lstrcpynA, lstrlenA
> MPR.dll: WNetCloseEnum, WNetEnumResourceA, WNetOpenEnumA
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WSOCK32.dll: WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncSelect, WSACancelAsyncRequest, WSACleanup, WSAGetLastError, WSAStartup, accept, closesocket, connect, gethostname, getsockname, htonl, htons, inet_addr, inet_ntoa, listen, ntohl, ntohs, recv, recvfrom, send, sendto, setsockopt, shutdown, socket, bind
> COMDLG32.dll: ChooseColorA, ChooseFontA, GetOpenFileNameA
> GDI32.dll: BitBlt, CombineRgn, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBitmap, CreateFontA, CreateFontIndirectA, CreateHatchBrush, CreatePalette, CreatePatternBrush, CreatePen, CreatePolygonRgn, CreateRectRgn, CreateSolidBrush, DeleteDC, DeleteObject, Ellipse, ExcludeClipRect, ExtFloodFill, ExtTextOutA, GetDIBits, GetDeviceCaps, GetNearestColor, GetObjectA, GetObjectType, GetPixel, GetStockObject, GetTextExtentPointA, GetTextMetricsA, LineTo, MoveToEx, PatBlt, Polyline, PtInRegion, Rectangle, RoundRect, SelectClipRgn, SelectObject, SetBkColor, SetBkMode, SetBrushOrgEx, SetPixel, SetPixelV, SetROP2, SetStretchBltMode, SetTextColor, SetWindowOrgEx, StretchBlt, StretchDIBits, TextOutA
> SHELL32.dll: DragAcceptFiles, DragFinish, DragQueryFileA, DragQueryPoint, ExtractIconA, FindExecutableA, SHBrowseForFolderA, SHFileOperationA, SHGetDesktopFolder, SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, ShellExecuteA, Shell_NotifyIconA
> USER32.dll: AppendMenuA, BeginDeferWindowPos, BeginPaint, BringWindowToTop, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CheckDlgButton, CheckMenuItem, ChildWindowFromPointEx, ClientToScreen, ClipCursor, CloseClipboard, CopyRect, CreateDialogParamA, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, DdeAccessData, DdeClientTransaction, DdeConnect, DdeCreateDataHandle, DdeCreateStringHandleA, DdeDisconnect, DdeFreeDataHandle, DdeFreeStringHandle, DdeInitializeA, DdeNameService, DdeQueryStringA, DdeUnaccessData, DdeUninitialize, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeferWindowPos, DeleteMenu, DestroyIcon, DestroyMenu, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawFocusRect, DrawIcon, DrawMenuBar, DrawTextA, EmptyClipboard, EnableMenuItem, EnableWindow, EndDeferWindowPos, EndDialog, EndPaint, EnumThreadWindows, EqualRect, FillRect, FindWindowA, FindWindowExA, FlashWindow, FrameRect, GetActiveWindow, GetAsyncKeyState, GetCapture, GetClassNameA, GetClientRect, GetClipboardData, GetCursorPos, GetDC, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyState, GetKeyboardState, GetMenu, GetMenuCheckMarkDimensions, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetMessageA, GetNextDlgTabItem, GetParent, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowThreadProcessId, InsertMenuA, InvalidateRect, InvertRect, IsCharAlphaNumericA, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsDlgButtonChecked, IsIconic, IsMenu, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadAcceleratorsA, LoadBitmapA, LoadCursorA, LoadIconA, LoadMenuA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBeep, MessageBoxA, ModifyMenuA, 
MoveWindow, OpenClipboard, PostMessageA, PostQuitMessage, PtInRect, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, ScreenToClient, ScrollDC, SendDlgItemMessageA, SendMessageA, SetActiveWindow, SetCapture, SetClipboardData, SetCursor, SetDlgItemInt, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenu, SetMenuItemInfoA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowScrollBar, ShowWindow, SystemParametersInfoA, ToAscii, TrackPopupMenu, TranslateAcceleratorA, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UpdateWindow, ValidateRect, WinHelpA, WindowFromPoint, wsprintfA
> WINMM.dll: mciGetDeviceIDA, mciGetErrorStringA, mciSendStringA, mixerClose, mixerGetControlDetailsA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerSetControlDetails, sndPlaySoundA, timeBeginPeriod, timeEndPeriod, timeGetDevCaps, timeKillEvent, timeSetEvent
> OLE32.dll: CLSIDFromProgID, CoCreateInstance, OleInitialize, OleUninitialize
> OLEAUT32.dll: LoadRegTypeLib, SetErrorInfo, SysAllocString, SysFreeString, VarCyFromR8, VarDateFromR8, VarR8FromCy, VarR8FromDate, VariantChangeType, VariantClear, VariantInit

( 5 exports )
@__lockDebuggerData$qv, @__unlockDebuggerData$qv, __DebuggerHookData, __GetExceptDLLinfo, ___CPPdebugHook
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=b766003f431cad186bd115f5761592d1
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DA20640A0071AB3952D61BADD22309006AF4D525

And here is the report for the mIRC 6.17 exe

Code:

AhnLab-V3        2008.10.14.0        2008.10.13        Win-Trojan/MircPack.1790464
AntiVir        7.8.1.34        2008.10.13        -
Authentium        5.1.0.4        2008.10.13        W32/Renamed_mIRC.gen!Eldorado
Avast        4.8.1248.0        2008.10.12        -
AVG        8.0.0.161        2008.10.13        -
BitDefender        7.2        2008.10.13        Backdoor.IRC.ZFZ
CAT-QuickHeal        9.50        2008.10.13        Backdoor.mIRC-based
ClamAV        0.93.1        2008.10.13        -
DrWeb        4.44.0.09170        2008.10.13        -
eSafe        7.0.17.0        2008.10.12        Win32.mIRC-based
eTrust-Vet        31.6.6146        2008.10.13        -
Ewido        4.0        2008.10.13        -
F-Prot        4.4.4.56        2008.10.12        W32/Renamed_mIRC.gen!Eldorado
F-Secure        8.0.14332.0        2008.10.13        Backdoor.Win32.mIRC-based
Fortinet        3.113.0.0        2008.10.13        IRC/Client
GData        19        2008.10.13        Backdoor.IRC.ZFZ
Ikarus        T3.1.1.34.0        2008.10.13        IRC-Worm.Win32.Tedeto.a
K7AntiVirus        7.10.492        2008.10.13        Non-Virus:Client-IRC.Win32.mIRC.603
Kaspersky        7.0.0.125        2008.10.13        Backdoor.Win32.mIRC-based
McAfee        5403        2008.10.11        potentially unwanted program IRC/Client
Microsoft        1.4005        2008.10.13        -
NOD32        3518        2008.10.13        -
Norman        5.80.02        2008.10.13        -
Panda        9.0.0.4        2008.10.13        Bck/MIRCBased.BI
PCTools        4.4.2.0        2008.10.13        Backdoor.IRCBot
Prevx1        V2        2008.10.13        Malicious Software
Rising        20.66.02.00        2008.10.13        -
SecureWeb-Gateway        6.7.6        2008.10.13        Trojan.LooksLike.PSW
Sophos        4.34.0        2008.10.13        -
Sunbelt        3.1.1719.1        2008.10.13        mIRC based
Symantec        10        2008.10.13        -
TheHacker        6.3.1.0.109        2008.10.13        Aplicacion/Riskware.mIRC.6.03
TrendMicro        8.700.0.1004        2008.10.13        -
VBA32        3.12.8.6        2008.10.13        BackDoor.IRC.based
ViRobot        2008.10.13.1417        2008.10.13        Trojan.Win32.IRCFlood.1790465
VirusBuster        4.5.11.0        2008.10.13        -
Additional information
File size: 1790464 bytes
MD5...: b766003f431cad186bd115f5761592d1
SHA1..: 33cdfe6f7fa6b321f9a51cc051c32ba924164b10
SHA256: 22bdb2606020b82349a629248b599b64235c91e8b450e355a245ef09ece57e1d
SHA512: d03cabf713c14a40588ec3d5d7c89be91a0bc2e7b472464ed058b2cce0afe58e
aaf7386ce5e6297218b3e677e290625506760ad883412b7f94c3330aa9b9f834
PEiD..: -
TrID..: File type identification
Win32 Dynamic Link Library - Borland C/C++ (74.3%)
InstallShield setup (14.5%)
DOS Executable Borland C++ (4.3%)
Win32 Executable Generic (2.8%)
Win32 Dynamic Link Library (generic) (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0xa03b2d10L (invalid)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x15d000 0x15c600 6.51 e7e5163d68aae3e3df1c27a467d9c177
.data 0x15e000 0x30000 0x1b400 5.07 b9e0f7d0e196e0620965ee9d6badc952
.tls 0x18e000 0x1000 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rdata 0x18f000 0x1000 0x200 0.21 c57356aadbf85114b76bf712ff1d23dd
.idata 0x190000 0x3000 0x2e00 5.27 f646a95e2e0c7b1d873b9a6fefd7f78e
.edata 0x193000 0x1000 0x200 2.44 dc1e37693808104e52bcf5c86556308a
.rsrc 0x194000 0x3a000 0x39e00 4.44 861837d68b0def22e36e933bc752072e

( 12 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyA, RegCreateKeyExA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueA, RegSetValueA, RegSetValueExA
> KERNEL32.dll: CloseHandle, CompareFileTime, CopyFileA, CreateDirectoryA, CreateEventA, CreateFileA, CreateThread, DeleteFileA, DuplicateHandle, EnterCriticalSection, ExitProcess, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindCloseChangeNotification, FindFirstChangeNotificationA, FindFirstFileA, FindNextChangeNotification, FindNextFileA, FindResourceA, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetFileAttributesA, GetFileSize, GetFileTime, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetShortPathNameA, GetStartupInfoA, GetStdHandle, GetStringTypeW, GetTempPathA, GetTickCount, GetTimeZoneInformation, GetVersion, GetVersionExA, GetVolumeInformationA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalMemoryStatus, GlobalSize, GlobalUnlock, InitializeCriticalSection, LeaveCriticalSection, LoadLibraryA, LoadResource, LocalAlloc, LocalFree, LocalReAlloc, LockResource, MapViewOfFile, MoveFileA, MoveFileExA, MulDiv, MultiByteToWideChar, OpenFile, OpenFileMappingA, QueryDosDeviceA, RaiseException, ReadFile, RemoveDirectoryA, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetErrorMode, SetEvent, SetFileAttributesA, SetFilePointer, SetHandleCount, SetStdHandle, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, UnmapViewOfFile, VirtualAlloc, VirtualFree, VirtualQuery, WaitForMultipleObjects, WideCharToMultiByte, WinExec, WriteFile, WritePrivateProfileStringA, _hread, _hwrite, _lclose, _llseek, _lopen, _lwrite, lstrcatA, lstrcmpA, lstrcpyA, lstrcpynA, lstrlenA
> MPR.dll: WNetCloseEnum, WNetEnumResourceA, WNetOpenEnumA
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WSOCK32.dll: WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncSelect, WSACancelAsyncRequest, WSACleanup, WSAGetLastError, WSAStartup, accept, closesocket, connect, gethostname, getsockname, htonl, htons, inet_addr, inet_ntoa, listen, ntohl, ntohs, recv, recvfrom, send, sendto, setsockopt, shutdown, socket, bind
> COMDLG32.dll: ChooseColorA, ChooseFontA, GetOpenFileNameA
> GDI32.dll: BitBlt, CombineRgn, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBitmap, CreateFontA, CreateFontIndirectA, CreateHatchBrush, CreatePalette, CreatePatternBrush, CreatePen, CreatePolygonRgn, CreateRectRgn, CreateSolidBrush, DeleteDC, DeleteObject, Ellipse, ExcludeClipRect, ExtFloodFill, ExtTextOutA, GetDIBits, GetDeviceCaps, GetNearestColor, GetObjectA, GetObjectType, GetPixel, GetStockObject, GetTextExtentPointA, GetTextMetricsA, LineTo, MoveToEx, PatBlt, Polyline, PtInRegion, Rectangle, RoundRect, SelectClipRgn, SelectObject, SetBkColor, SetBkMode, SetBrushOrgEx, SetPixel, SetPixelV, SetROP2, SetStretchBltMode, SetTextColor, SetWindowOrgEx, StretchBlt, StretchDIBits, TextOutA
> SHELL32.dll: DragAcceptFiles, DragFinish, DragQueryFileA, DragQueryPoint, ExtractIconA, FindExecutableA, SHBrowseForFolderA, SHFileOperationA, SHGetDesktopFolder, SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, ShellExecuteA, Shell_NotifyIconA
> USER32.dll: AppendMenuA, BeginDeferWindowPos, BeginPaint, BringWindowToTop, CallNextHookEx, CallWindowProcA, CharLowerA, CharLowerBuffA, CheckDlgButton, CheckMenuItem, ChildWindowFromPointEx, ClientToScreen, ClipCursor, CloseClipboard, CopyRect, CreateDialogParamA, CreateIconIndirect, CreateMenu, CreatePopupMenu, CreateWindowExA, DdeAccessData, DdeClientTransaction, DdeConnect, DdeCreateDataHandle, DdeCreateStringHandleA, DdeDisconnect, DdeFreeDataHandle, DdeFreeStringHandle, DdeInitializeA, DdeNameService, DdeQueryStringA, DdeUnaccessData, DdeUninitialize, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeferWindowPos, DeleteMenu, DestroyIcon, DestroyMenu, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawFocusRect, DrawIcon, DrawMenuBar, DrawTextA, EmptyClipboard, EnableMenuItem, EnableWindow, EndDeferWindowPos, EndDialog, EndPaint, EnumThreadWindows, EqualRect, FillRect, FindWindowA, FindWindowExA, FlashWindow, FrameRect, GetActiveWindow, GetAsyncKeyState, GetCapture, GetClassNameA, GetClientRect, GetClipboardData, GetCursorPos, GetDC, GetDesktopWindow, GetDialogBaseUnits, GetDlgCtrlID, GetDlgItem, GetDlgItemInt, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyState, GetKeyboardState, GetMenu, GetMenuCheckMarkDimensions, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetMessageA, GetNextDlgTabItem, GetParent, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthA, GetWindowThreadProcessId, InsertMenuA, InvalidateRect, InvertRect, IsCharAlphaNumericA, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsDlgButtonChecked, IsIconic, IsMenu, IsWindow, IsWindowEnabled, IsWindowVisible, IsZoomed, KillTimer, LoadAcceleratorsA, LoadBitmapA, LoadCursorA, LoadIconA, LoadMenuA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBeep, MessageBoxA, ModifyMenuA, 
MoveWindow, OpenClipboard, PostMessageA, PostQuitMessage, PtInRect, RedrawWindow, RegisterClassA, RegisterClassExA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, ScreenToClient, ScrollDC, SendDlgItemMessageA, SendMessageA, SetActiveWindow, SetCapture, SetClipboardData, SetCursor, SetDlgItemInt, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenu, SetMenuItemInfoA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowCursor, ShowScrollBar, ShowWindow, SystemParametersInfoA, ToAscii, TrackPopupMenu, TranslateAcceleratorA, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UpdateWindow, ValidateRect, WinHelpA, WindowFromPoint, wsprintfA
> WINMM.dll: mciGetDeviceIDA, mciGetErrorStringA, mciSendStringA, mixerClose, mixerGetControlDetailsA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerSetControlDetails, sndPlaySoundA, timeBeginPeriod, timeEndPeriod, timeGetDevCaps, timeKillEvent, timeSetEvent
> OLE32.dll: CLSIDFromProgID, CoCreateInstance, OleInitialize, OleUninitialize
> OLEAUT32.dll: LoadRegTypeLib, SetErrorInfo, SysAllocString, SysFreeString, VarCyFromR8, VarDateFromR8, VarR8FromCy, VarR8FromDate, VariantChangeType, VariantClear, VariantInit

( 5 exports )
@__lockDebuggerData$qv, @__unlockDebuggerData$qv, __DebuggerHookData, __GetExceptDLLinfo, ___CPPdebugHook
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DA20640A0071AB3952D61BADD22309006AF4D525
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=b766003f431cad186bd115f5761592d1
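The two reports carry the same MD5, SHA-1 and SHA-256 (b766003f…, 33cdfe6f…, 22bdb260…), so they describe one and the same binary, and the engine names split between generic "renamed mIRC / riskware" labels and backdoor family names. As an added example, not part of the thread and not VirusTotal's own code, this Python snippet parses the plain-text report format posted above, counts results by category, and compares two reports by hash. The engine lines and hash blocks are a subset copied from the two reports; the third hash block is constructed (the MD5 and SHA-256 of an empty file) so the comparison has a mismatch to show.

```python
import re
from collections import Counter

# Engine result lines and hash block copied from the first VirusTotal report
# above (a subset of its 36 engines). Columns: engine, signature version,
# update date, result; "-" means the engine reported nothing.
REPORT_KONOSPE = """
AhnLab-V3        2008.10.14.0        2008.10.13        Win-Trojan/MircPack.1790464
AntiVir        7.8.1.34        2008.10.13        -
Authentium        5.1.0.4        2008.10.13        W32/Renamed_mIRC.gen!Eldorado
BitDefender        7.2        2008.10.13        Backdoor.IRC.ZFZ
F-Secure        8.0.14332.0        2008.10.13        Backdoor.Win32.mIRC-based
Fortinet        3.113.0.0        2008.10.13        IRC/Client
K7AntiVirus        7.10.492        2008.10.13        Non-Virus:Client-IRC.Win32.mIRC.603
Kaspersky        7.0.0.125        2008.10.13        Backdoor.Win32.mIRC-based
McAfee        5403        2008.10.11        potentially unwanted program IRC/Client
Microsoft        1.4005        2008.10.13        -
Sophos        4.34.0        2008.10.13        -
TheHacker        6.3.1.0.109        2008.10.13        Aplicacion/Riskware.mIRC.6.03
File size: 1790464 bytes
MD5...: b766003f431cad186bd115f5761592d1
SHA1..: 33cdfe6f7fa6b321f9a51cc051c32ba924164b10
SHA256: 22bdb2606020b82349a629248b599b64235c91e8b450e355a245ef09ece57e1d
"""

# Hash block copied from the second report (the mIRC6.17 mirc.exe).
REPORT_MIRC617 = """
File size: 1790464 bytes
MD5...: b766003f431cad186bd115f5761592d1
SHA1..: 33cdfe6f7fa6b321f9a51cc051c32ba924164b10
SHA256: 22bdb2606020b82349a629248b599b64235c91e8b450e355a245ef09ece57e1d
"""

# Constructed counter-example, not from the thread: the MD5 and SHA-256 of an
# empty file, so the comparison below has a mismatch to report.
REPORT_OTHER = """
MD5...: d41d8cd98f00b204e9800998ecf8427e
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

ENGINE_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<date>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+?)\s*$"
)
HASH_RE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256)\.*:\s*(?P<hex>[0-9a-fA-F]+)\s*$")

# Keyword heuristics over vendor naming. PUA keys are checked first so that a
# "Renamed_mIRC" / "Riskware" label is not counted as malware just because the
# string also mentions a family.
PUA_KEYS = ("riskware", "non-virus", "potentially unwanted", "irc/client",
            "renamed_mirc", "mirc based", "aplicacion")
MALWARE_KEYS = ("backdoor", "bck/", "trojan", "worm", "malicious", "ircbot", "ircflood")


def classify(result):
    r = result.lower()
    if r == "-":
        return "clean"
    if any(k in r for k in PUA_KEYS):
        return "pua"        # unwanted tool / riskware naming
    if any(k in r for k in MALWARE_KEYS):
        return "malware"    # family name claims a backdoor, trojan or worm
    return "other"


def parse_report(text):
    engines, hashes = {}, {}
    for line in text.strip().splitlines():
        h = HASH_RE.match(line)
        if h:
            hashes[h.group("algo")] = h.group("hex").lower()
            continue
        e = ENGINE_RE.match(line)
        if e:
            engines[e.group("engine")] = e.group("result").strip()
    return {"engines": engines, "hashes": hashes}


def summarize(report):
    counts = Counter(classify(r) for r in report["engines"].values())
    total = len(report["engines"])
    return {"total": total, "detected": total - counts["clean"], "clean": counts["clean"],
            "pua": counts["pua"], "malware": counts["malware"], "other": counts["other"]}


def same_file(a, b):
    """True when both reports name the same bytes. SHA-256 is authoritative;
    MD5 is consulted only if SHA-256 is missing and is a weak identity check,
    since MD5 collisions can be constructed deliberately."""
    for algo in ("SHA256", "MD5"):
        if algo in a["hashes"] and algo in b["hashes"]:
            return a["hashes"][algo] == b["hashes"][algo]
    return False


if __name__ == "__main__":
    a, b = parse_report(REPORT_KONOSPE), parse_report(REPORT_MIRC617)
    print(summarize(a))
    print("same file:", same_file(a, b), "| vs empty file:", same_file(a, parse_report(REPORT_OTHER)))
```

The keyword lists are a triage heuristic, not a verdict: what the split shows is that a large share of the engines label the file as a renamed or repackaged IRC client rather than a specific malware family, which is what you would expect for a mIRC build that was renamed and modified by hand. Matching SHA-256 values are what justify treating the two posted reports as one sample.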


m1sstake 16.10.2008 16:10

*push* I've deleted them now. The mIRC files also haven't been run for at least 3 years. In the meantime I've wiped my system several times and am on a completely different PC by now. Is everything OK again?

Best regards, m1sty

m1sstake 21.10.2008 13:33

As I said, I've deleted the mIRC files. The trojan hasn't shown up again since I disabled System Restore. Can I use the PC without worrying now?
And what I'm still really curious about in general: if you have a trojan on, say, partition D and made a backup of the system partition C shortly before that, is the trojan gone once you restore the backup?

It would be nice if someone would answer.

Thanks and best regards, misty

