5/27/2010

bu8.exe virus and its solution

File information


File size: 317974 bytes
MD5...: 7c9d4e47195ce3c14b74634f4bea39d9
SHA1..: fe4eafa2b443d19cb1a58dbabf7c6852cde5f479
SHA256: 2fda50234181e5ba6a6fbae03e2cdeb0fcc496bb3eea113cecc5e76f5482fe47
ssdeep: 6144:IjqAWrRgNlxmwJcoQrNBT7gtkwPuXJfJ5avwSopJarfu334pE3gdBWiWwg:8qAWrRgmwJ6JlatFv2pcu3osgTWik
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: RAR Archive (83.3%)
REALbasic Project (16.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (Kaspersky): ASPack
packers (F-Prot): Aspack
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
http://info.prevx.com/aboutprogramtext.asp?PX5=856F6887005E9B46C44E010D08A7580073682123


bu8.exe
%Temp%\bu8.exe
%Temp%\herss.exe
%Temp%\nodqq0.dll
%Temp%\cvasds0.dll
%Temp%\nodqq1.dll
%Temp%\cvasds1.dll
%Temp%\nodqq2.dll
%Temp%\cvasds2.dll

Drive:\bu8.exe
Drive:\autorun.inf

%Temp% = C:\Documents and Settings\username\Local Settings\Temp\

Solution
After using the HijackThis and ComboFix programs, scan with any of the antivirus products below.

Antivirus products that clean it

AhnLab-V3 2010. Win-Trojan/Magania.119649
AntiVir 8.2.1.242  TR/PSW.OnLineGa.bbe
Antiy-AVL 2.0.3.7  Trojan/Win32.Magania.gen
Authentium 5.2.0.5  W32/Taterf.A!Generic
Avast 4.8.1351.0  Win32:Crypt-FRO
Avast5 5.0.332.0  Win32:Crypt-FRO
AVG 9.0.0.787   PSW.OnlineGames3.YLO
BitDefender 7.2   Trojan.Agent.AORM
CAT-QuickHeal 10.00  Trojan.Agent.WD
ClamAV 0.96.0.3   PUA.Packed.ASPack
Comodo 4942  TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300  Trojan.PWS.Wsgame.13295
eSafe 7.0.17.0 Win32.TRPSW.OnlineGa
F-Prot 4.6.0.103  W32/Taterf.A!Generic
F-Secure 9.0.15370.0  Packed:W32/NSAnti.gen!C
Fortinet 4.1.133.0 W32/Magania.CQIS!tr.pws
GData 21  Trojan.Agent.AORM
Ikarus T3.1.1.84.0  Worm.Win32.Taterf
Jiangmin 13.0.900  Trojan/PSW.Magania.aend
Kaspersky 7.0.0.125  Trojan-GameThief.Win32.Magania.cqis
McAfee 5.400.0.1158  PWS-Mmorpg!jv
McAfee-GW-Edition  Artemis!CAA485B646F6
Microsoft 1.5802  Worm:Win32/Taterf.B
NOD32 5151  Win32/PSW.OnLineGames.NNU
Norman 6.04.12  OnLineGames.KGCC
Panda 10.0.2.7  Suspicious file
PCTools 7.0.3.5  Trojan-PSW.Gampass
Prevx 3.0 Medium Risk Malware
Rising 22.49.03.04  Trojan.PSW.Win32.GameOnline.by
Sophos 4.53.0  Mal/Taterf-A
Sunbelt 6365 BehavesLike.Win32.Malware (v)
Symantec 20101.1.0.89  Infostealer.Gampass
TheHacker 6.5.2.0.288  Trojan/Magania.cqis
TrendMicro 9.120.0.1004  TROJ_GAMETHI.GSU
TrendMicro-HouseCall 9. WORM_TATERF.AW
VBA32 3 BScope.Trojan-PSW.AmGames
VirusBuster  Trojan.Magania.Gen!Pac.3
