1/10/2010

8xcrbho6.exe solution

herss.exe
The trojan's files...
C:\mltox.exe
C:\autorun.inf
c:\docume~1\DONANM~1\LOCALS~1\Temp\cvasds0.dll
c:\docume~1\DONANM~1\LOCALS~1\Temp\cvasds1.dll
c:\windows\temp.exe
c:\windows\unins000.dat
c:\windows\unins000.exe
D:\autorun.inf
cvasds0.dll
cvasds1.dll
8xcrbho6.exe
ljy.exe
31lyx.exe
mltox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m|Pë [X]

Click for the solution


VirusTotal results
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.11 -
AhnLab-V3 5.0.0.2 2010.01.11 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.11 -
Authentium 5.2.0.5 2010.01.11 -
Avast 4.8.1351.0 2010.01.11 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.11 -
CAT-QuickHeal 10.00 2010.01.11 -
ClamAV 0.94.1 2010.01.11 PUA.Packed.ASPack212
Comodo 3549 2010.01.11 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.1.12222 2010.01.11 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2010.01.11 -
eTrust-Vet 35.2.7229 2010.01.11 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.11 Suspicious:W32/Riskware!Online
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.11 -
Ikarus T3.1.1.80.0 2010.01.11 -
Jiangmin 13.0.900 2010.01.11 -
K7AntiVirus 7.10.944 2010.01.11 -
Kaspersky 7.0.0.125 2010.01.11 -
McAfee 5858 2010.01.11 -
McAfee+Artemis 5858 2010.01.11 Artemis!379BA4856AF8
McAfee-GW-Edition 6.8.5 2010.01.11 Heuristic.LooksLike.Win32.Suspicious.H
Microsoft 1.5302 2010.01.11 -
NOD32 4762 2010.01.11 a variant of Win32/PSW.OnLineGames.ORO
Norman 6.04.03 2010.01.11 -
nProtect 2009.1.8.0 2010.01.11 -
Panda 10.0.2.2 2010.01.11 Generic Malware
PCTools 7.0.3.5 2010.01.11 -
Prevx 3.0 2010.01.11 High Risk Cloaked Malware
Rising 22.30.00.05 2010.01.11 Packer.Win32.UnkPacker.a
Sophos 4.49.0 2010.01.11 -
Sunbelt 3.2.1858.2 2010.01.11 Worm.Win32.AutoRun
Symantec 20091.2.0.41 2010.01.11 -
TheHacker 6.5.0.3.146 2010.01.11 -
TrendMicro 9.120.0.1004 2010.01.11 PAK_Generic.001
VBA32 3.12.12.1 2010.01.11 -
ViRobot 2010.1.11.2130 2010.01.11 -
VirusBuster 5.0.21.0 2010.01.11 -
Additional Information
File size: 122368 bytes
MD5 : 379ba4856af8e0987709e72012ddbc89
SHA1 : f11f611dabfa9c327ac8bb73950991ad84450d4a
SHA256: 64c6dfb94704c0c30031bba9227d4e6f1717df632870a5d1707294746a610250
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x76001
timedatestamp.....: 0x4B3DF26E (Fri Jan 1 14:02:38 2010)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3000 0x2B3A 0.00 dbe46740ba7d06a6c992a87ff3ff515b
.data 0x4000 0x59000 0x13FD 0.00 7af1394a8a613cf3a0b3b83c60c446cf
.idata 0x5D000 0x18000 0x17400 7.68 e208f6fe0b688a29a40bf46893066942
.rdata 0x75000 0x1000 0x600 3.84 2e9ed08df9d110d60b1ae7e5c69d5e7c
.aspack 0x76000 0x2000 0x2000 6.84 9ae8e4b6a07d05abafadfba3ed48a673
.adata 0x78000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 3 imports )

> advapi32.dll: CreateRestrictedToken, CryptReleaseContext, SetEntriesInAclW, CopySid, CryptAcquireContextW, QueryServiceConfig2A, RegDeleteKeyA, DecryptFileA, PrivilegeCheck
> kernel32.dll: GetNumberFormatW, EnumResourceNamesA, GetProfileSectionA, GetFullPathNameA, EnumResourceLanguagesA, GetPrivateProfileIntW, EnumResourceTypesA, GetVersion, FindFirstVolumeA, CopyFileA, EscapeCommFunction, FindFirstFileExA, LoadModule, CreateDirectoryExW, GetCommandLineW, GetProcAddress, GetModuleFileNameW, ExitProcess, GetEnvironmentStringsW, GetCommTimeouts, GetProcessShutdownParameters, FindResourceW, LoadLibraryA, DisconnectNamedPipe, CreateDirectoryExW
> user32.dll: DrawTextA, DlgDirSelectExW, DrawFrameControl, GetCursorInfo, DrawStateW, GetClassLongW, GetClipboardOwner, DestroyMenu

( 0 exports )

TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:UqGLpya/2Yp9yhhJnrVbI/SDRXs+Ak1bjzzkdL:32tuJxa/SFnBvC
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=B7717EF40025065FDE850154F6047A009407A766
PEiD : -
packers (Kaspersky): ASPack
RDS : NSRL Reference Data Set
