3/10/2010

ey.exe solution

C:\autorun.inf
c:\docume~1\M94F8~1\LOCALS~1\Temp\cvasds1.dll
c:\docume~1\M94F8~1\LOCALS~1\Temp\herss.exe
D:\Autorun.inf
C:\ey.exe
D:\ey.exe
This is a Trojan horse.
It runs herss.exe through a startup entry (visible under Start\msconfig),
so it becomes active every time the computer starts.






For ey.exe
Friday, 12 March 2010
virustotal.com results


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.12 Worm.Win32.Taterf!IK
AhnLab-V3 5.0.0.2 2010.03.12 -
AntiVir 8.2.1.180 2010.03.12 TR/PSW.Frethog.121856.H
Antiy-AVL 2.0.3.7 2010.03.12 -
Authentium 5.2.0.5 2010.03.12 -
Avast 4.8.1351.0 2010.03.12 -
Avast5 5.0.332.0 2010.03.12 -
AVG 9.0.0.787 2010.03.12 -
BitDefender 7.2 2010.03.12 -
CAT-QuickHeal 10.00 2010.03.12 Win32.Worm.Taterf.B.6
ClamAV 0.96.0.0-git 2010.03.12 -
Comodo 4240 2010.03.12 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.1.12222 2010.03.12 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2010.03.11 Win32.PWSFrethog
eTrust-Vet 35.2.7357 2010.03.12 -
F-Prot 4.5.1.85 2010.03.12 -
F-Secure 9.0.15370.0 2010.03.12 -
Fortinet 4.0.14.0 2010.03.09 -
GData 19 2010.03.12 -
Ikarus T3.1.1.80.0 2010.03.12 Worm.Win32.Taterf
Jiangmin 13.0.900 2010.03.12 -
K7AntiVirus 7.10.996 2010.03.12 -
Kaspersky 7.0.0.125 2010.03.12 -
McAfee 5918 2010.03.12 -
McAfee+Artemis 5918 2010.03.12 Artemis!CE8DBC5404F2
McAfee-GW-Edition 6.8.5 2010.03.12 Heuristic.LooksLike.Trojan.Dldr.Piker.B
Microsoft 1.5502 2010.03.12 PWS:Win32/Frethog.gen!H
NOD32 4940 2010.03.12 Win32/PSW.OnLineGames.NWF
Norman 6.04.08 2010.03.12 -
nProtect 2009.1.8.0 2010.03.12 -
Panda 10.0.2.2 2010.03.12 -
PCTools 7.0.3.5 2010.03.12 -
Prevx 3.0 2010.03.12 Medium Risk Malware
Rising 22.38.04.03 2010.03.12 Trojan.Win32.Generic.51FAD093
Sophos 4.51.0 2010.03.12 Mal/Generic-A
Sunbelt 5843 2010.03.12 Worm.Win32.AutoRun
Symantec 20091.2.0.41 2010.03.12 Suspicious.Insight
TheHacker 6.5.2.0.232 2010.03.12 Trojan/OnLineGames.nwf
TrendMicro 9.120.0.1004 2010.03.12 WORM_FRETHOG.LP
VBA32 3.12.12.2 2010.03.12 -
ViRobot 2010.3.12.2224 2010.03.12 -
VirusBuster 5.0.27.0 2010.03.12 -
Additional Information
File size: 121856 bytes
MD5...: ce8dbc5404f2af10b785caec3a310691
SHA1..: 9bbf5d363b2528045060b791516e26a96c6244d8
SHA256: 1e2ef6c5702e4d1e801ab80034c58b4d39cb240d4912115c9661053213143eac
ssdeep: 3072:4g8RY/j6W3d+2W6+HoZqXLgy1uZdM1IFTugA:0gW2W6+Aszv1IMt


PEiD..: -
PEInfo: PE Structure information


( base data )
entrypointaddress.: 0x5f001
timedatestamp.....: 0x4b95ee72 (Tue Mar 09 06:45:06 2010)
machinetype.......: 0x14c (I386)


( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2000 0x1600 7.73 c825f51bf02ec5955d40e4e6cceb7347
.data 0x3000 0x40000 0x1400 7.68 27ebeb7965066c54a9975c30ab7cb2e3
.idata 0x43000 0x1b000 0x19000 8.00 1252c7233df4911fc65d27159bb0d666
.rdata 0x5e000 0x1000 0xc00 4.54 999d2f4fe3c6a377b1644973bf40473d
.aspack 0x5f000 0x1000 0x1000 6.11 e46fb4102b1a503c8899cb2c6be23e41
.adata 0x60000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e


( 1 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA


( 0 exports )


RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


