herss.exe
The trojan's files...
C:\mltox.exe
C:\autorun.inf
c:\docume~1\DONANM~1\LOCALS~1\Temp\cvasds0.dll
c:\docume~1\DONANM~1\LOCALS~1\Temp\cvasds1.dll
c:\windows\temp.exe
c:\windows\unins000.dat
c:\windows\unins000.exe
D:\autorun.inf
cvasds0.dll
cvasds1.dll
8xcrbho6.exe
ljy.exe
31lyx.exe
mltox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
m|Pë [X]
Click for the solution
VirusTotal results
Antivirus Version Last Update Result
a-squared 4.5.0.48 2010.01.11 - 
AhnLab-V3 5.0.0.2 2010.01.11 - 
AntiVir 7.9.1.134 2010.01.11 - 
Antiy-AVL 2.0.3.7 2010.01.11 - 
Authentium 5.2.0.5 2010.01.11 - 
Avast 4.8.1351.0 2010.01.11 - 
AVG 9.0.0.725 2010.01.11 - 
BitDefender 7.2 2010.01.11 - 
CAT-QuickHeal 10.00 2010.01.11 - 
ClamAV 0.94.1 2010.01.11 PUA.Packed.ASPack212 
Comodo 3549 2010.01.11 TrojWare.Win32.Trojan.Agent.Gen 
DrWeb 5.0.1.12222 2010.01.11 Trojan.PWS.Wsgame.12661 
eSafe 7.0.17.0 2010.01.11 - 
eTrust-Vet 35.2.7229 2010.01.11 - 
F-Prot 4.5.1.85 2010.01.10 - 
F-Secure 9.0.15370.0 2010.01.11 Suspicious:W32/Riskware!Online 
Fortinet 4.0.14.0 2010.01.09 - 
GData 19 2010.01.11 - 
Ikarus T3.1.1.80.0 2010.01.11 - 
Jiangmin 13.0.900 2010.01.11 - 
K7AntiVirus 7.10.944 2010.01.11 - 
Kaspersky 7.0.0.125 2010.01.11 - 
McAfee 5858 2010.01.11 - 
McAfee+Artemis 5858 2010.01.11 Artemis!379BA4856AF8 
McAfee-GW-Edition 6.8.5 2010.01.11 Heuristic.LooksLike.Win32.Suspicious.H 
Microsoft 1.5302 2010.01.11 - 
NOD32 4762 2010.01.11 a variant of Win32/PSW.OnLineGames.ORO 
Norman 6.04.03 2010.01.11 - 
nProtect 2009.1.8.0 2010.01.11 - 
Panda 10.0.2.2 2010.01.11 Generic Malware 
PCTools 7.0.3.5 2010.01.11 - 
Prevx 3.0 2010.01.11 High Risk Cloaked Malware 
Rising 22.30.00.05 2010.01.11 Packer.Win32.UnkPacker.a 
Sophos 4.49.0 2010.01.11 - 
Sunbelt 3.2.1858.2 2010.01.11 Worm.Win32.AutoRun 
Symantec 20091.2.0.41 2010.01.11 - 
TheHacker 6.5.0.3.146 2010.01.11 - 
TrendMicro 9.120.0.1004 2010.01.11 PAK_Generic.001 
VBA32 3.12.12.1 2010.01.11 - 
ViRobot 2010.1.11.2130 2010.01.11 - 
VirusBuster 5.0.21.0 2010.01.11 - 
Additional information
File size: 122368 bytes 
MD5 : 379ba4856af8e0987709e72012ddbc89 
SHA1 : f11f611dabfa9c327ac8bb73950991ad84450d4a 
SHA256: 64c6dfb94704c0c30031bba9227d4e6f1717df632870a5d1707294746a610250 
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x76001
timedatestamp.....: 0x4B3DF26E (Fri Jan 1 14:02:38 2010)
machinetype.......: 0x14C (Intel I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3000 0x2B3A 0.00 dbe46740ba7d06a6c992a87ff3ff515b
.data 0x4000 0x59000 0x13FD 0.00 7af1394a8a613cf3a0b3b83c60c446cf
.idata 0x5D000 0x18000 0x17400 7.68 e208f6fe0b688a29a40bf46893066942
.rdata 0x75000 0x1000 0x600 3.84 2e9ed08df9d110d60b1ae7e5c69d5e7c
.aspack 0x76000 0x2000 0x2000 6.84 9ae8e4b6a07d05abafadfba3ed48a673
.adata 0x78000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 3 imports )
> advapi32.dll: CreateRestrictedToken, CryptReleaseContext, SetEntriesInAclW, CopySid, CryptAcquireContextW, QueryServiceConfig2A, RegDeleteKeyA, DecryptFileA, PrivilegeCheck
> kernel32.dll: GetNumberFormatW, EnumResourceNamesA, GetProfileSectionA, GetFullPathNameA, EnumResourceLanguagesA, GetPrivateProfileIntW, EnumResourceTypesA, GetVersion, FindFirstVolumeA, CopyFileA, EscapeCommFunction, FindFirstFileExA, LoadModule, CreateDirectoryExW, GetCommandLineW, GetProcAddress, GetModuleFileNameW, ExitProcess, GetEnvironmentStringsW, GetCommTimeouts, GetProcessShutdownParameters, FindResourceW, LoadLibraryA, DisconnectNamedPipe, CreateDirectoryExW
> user32.dll: DrawTextA, DlgDirSelectExW, DrawFrameControl, GetCursorInfo, DrawStateW, GetClassLongW, GetClipboardOwner, DestroyMenu
( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
ssdeep: 3072:UqGLpya/2Yp9yhhJnrVbI/SDRXs+Ak1bjzzkdL:32tuJxa/SFnBvC 
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=B7717EF40025065FDE850154F6047A009407A766 
PEiD : - 
packers (Kaspersky): ASPack 
RDS : NSRL Reference Data Set