load.exe

solcroft

hzyw

scottxzt

Begin scan in 'C:\Users\IBM\Desktop\load.zip'
C:\Users\IBM\Desktop\load.zip
    [0] Archive type: ZIP
      --> load.exe
          [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

sam.to

Scanned file:   load.zip
load.zip/load.exe - OK
load.zip/load.exe - OK
load.zip/load.exe - OK

TO KL

Nblock

不错的样本 微点可疑程序诊断删除成功

sam.to

http://www.virustotal.com/analis ... 88a5f47dfb659f6262a

                File load.zip received on 10.23.2008 05:20:26 (CET)
                                Current status:                        Loading ...                        queued                        waiting                        scanning                        finished                        NOT FOUND                        STOPPED               
               
                Result: 12/36 (33.34%)
       
                                                Loading server information...               
                                        Your file is queued in position: ___.
                        Estimated start time is between ___ and ___
.
                        Do not close the window until scan is complete.               
                                        The scanner that was processing your file is stopped at this moment,                        we are going to wait a few seconds to try to recover your result.
                        If you are waiting for more than five minutes you have to resend your file.               
                                        Your file is being scanned by VirusTotal in this moment,
                        results will be shown as they're generated.               
                                                       

                                                                                                                Compact                               
                                                                        Print results                                                                       
                       

               
                                        Your file has expired or does not exists.               
                                        Service is stopped in this moments, your file is waiting to be scanned (position:
) for an undefined time.
                        You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.                                                                                                               

Email:

                                               
                                       
       
                                       

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.10.22.0	2008.10.22	-
AntiVir	7.9.0.5	2008.10.22	TR/Crypt.XPACK.Gen
Authentium	5.1.0.4	2008.10.23	-
Avast	4.8.1248.0	2008.10.22	Win32:Trojan-gen {Other}
AVG	8.0.0.161	2008.10.23	SHeur.CPGN
BitDefender	7.2	2008.10.23	-
CAT-QuickHeal	9.50	2008.10.22	-
ClamAV	0.93.1	2008.10.23	-
DrWeb	4.44.0.09170	2008.10.23	Trojan.PWS.GoldSpy.2309
eSafe	7.0.17.0	2008.10.22	Suspicious File
eTrust-Vet	31.6.6164	2008.10.22	-
Ewido	4.0	2008.10.22	-
F-Prot	4.4.4.56	2008.10.22	-
F-Secure	8.0.14332.0	2008.10.23	-
Fortinet	3.113.0.0	2008.10.22	-
GData	19	2008.10.23	Win32:Trojan-gen {Other}
Ikarus	T3.1.1.44.0	2008.10.23	-
K7AntiVirus	7.10.503	2008.10.22	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.10.23	-
McAfee	5411	2008.10.22	-
Microsoft	1.4005	2008.10.23	-
NOD32	3547	2008.10.22	-
Norman	5.80.02	2008.10.22	W32/Smalltroj.HSYY
Panda	9.0.0.4	2008.10.22	Suspicious file
PCTools	4.4.2.0	2008.10.22	-
Prevx1	V2	2008.10.23	-
Rising	20.67.22.00	2008.10.22	-
SecureWeb-Gateway	6.7.6	2008.10.22	Trojan.Crypt.XPACK.Gen
Sophos	4.34.0	2008.10.23	-
Sunbelt	3.1.1745.1	2008.10.22	-
Symantec	10	2008.10.23	-
TheHacker	6.3.1.0.124	2008.10.23	-
TrendMicro	8.700.0.1004	2008.10.22	PAK_Generic.001
VBA32	3.12.8.8	2008.10.22	Trojan-Spy.Win32.Goldun.bdb
ViRobot	2008.10.23.1433	2008.10.23	-
VirusBuster	4.5.11.0	2008.10.22	-

sam.to

Hello,

load.exe3 - Trojan.Win32.Pakes.lgg

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Ostroverkhov Vladimir
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

yurius

McAfee 已自动阻止并隔离计算机上感染病毒的文件。您可以在 SecurityCenter 的“恢复”窗格中恢复隔离的文件。

关于此 特洛伊木马程序
已检测到: Generic!Artemis (特洛伊木马程序)
隔离来源: C:\Documents and Settings\xxx\桌面\virus\load.exe

特洛伊木马程序以合法程序的身份出现，但可能会损坏重要文件，降低性能，并允许对计算机进行未经授权的访问。

will

Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\load.exe   
MD5 Hash: C49C4B57405065C22D49A6AA133006C6   
Type: Generic Win/DOS Executable / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Win32:Trojan-gen {Other}    
Avg ----- SHeur.CPGN     
Antivir ----- TR/Crypt.XPACK.Gen    
BitDefender ----- Nothing   
ClamWin ----- Broken.Executable    
Dr.Web ----- Trojan.PWS.GoldSpy.2309    
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.OnlineGameT.bs.1081344    
Vba32 ----- Nothing   

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/10/23 四 12:14:02.15   

kingmuro

过诺顿10.1版本