Original poster: sam.to

[Virus sample] steelman (new samples in posts 63, 64, 65, 66, 67, 68, 69) bypasses mainstream AV!!

dolphin
Posted on 2009-9-12 17:40:07
EAV(4418) kill all
F:\6.rar > RAR > 6\Worm(0912-1354)\aunt_a.exe2 - Win32/Kryptik.AJD 特洛伊木马 的变种
F:\6.rar > RAR > 6\Worm(0912-1354)\aunt_b.exe2 - Win32/Kryptik.AKQ 特洛伊木马 的变种
F:\6.rar > RAR > 6\Worm(0912-1354)\steelman_a.exe1 - Win32/Kryptik.AJD 特洛伊木马 的变种
F:\6.rar > RAR > 6\Worm(0912-1354)\steelman_b.exe1 - Win32/Kryptik.AKQ 特洛伊木马 的变种
F:\6.rar > RAR > 6\Worm(0912-1354)\test_b.exe2 - Win32/Kryptik.AKQ 特洛伊木马 的变种
F:\6.rar > RAR > 6\Worm(0912-1354)\william_b.exe2 - Win32/Kryptik.AKQ 特洛伊木马 的变种
主动防御
Posted on 2009-9-12 19:53:22
send to Symantec
sam.to
Original poster | Posted on 2009-9-12 20:20:10


TO KL,LL,mcafee,eset,antivir



http://sample.nod32.com.hk/index ... fbb34567355db31618b
http://sample.nod32.com.hk/index ... 38c76d96cfc80000480



25450351          aunt_a.e1e          399 KB          UNDER ANALYSIS
25450352          william_b.exe3          1.03 MB          UNDER ANALYSIS
25450353          william_b.ex1e          1.03 MB          UNDER ANALYSIS
25450354          aunt_a.ex2e          735 KB          UNDER ANALYSIS
25450355          william_b.exe2          1.03 MB          UNDER ANALYSIS
25450356          test_a.exe3          400.5 KB          UNDER ANALYSIS



Hello,


aunt_a.e1e - Email-Worm.Win32.Iksmas.eta
aunt_a.ex2e - Email-Worm.Win32.Iksmas.etb
aunt_b.e3xe - Trojan-Downloader.Win32.FraudLoad.wrde
aunt_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrdf
aunt_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrdg
steelman_b.e3xe - Trojan-Downloader.Win32.FraudLoad.wrdh
steelman_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrdi
test_a.exe3 - Email-Worm.Win32.Iksmas.etc
test_b.ex1e - Trojan-Dropper.Win32.Agent.bcsw
test_b.exe3 - Trojan-Downloader.Win32.FraudLoad.wrdd
william_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrdj
william_b.exe2 - Trojan-Downloader.Win32.FraudLoad.wrdk
william_b.exe3 - Trojan-Downloader.Win32.FraudLoad.wrdl

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.



Filename: aunt_a.e1e    Result: MALWARE

The file 'aunt_a.e1e' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.eta. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: william_b.exe3    Result: MALWARE

The file 'william_b.exe3' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: william_b.ex1e    Result: MALWARE

The file 'william_b.ex1e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: aunt_a.ex2e    Result: MALWARE

The file 'aunt_a.ex2e' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.etb. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: william_b.exe2    Result: MALWARE

The file 'william_b.exe2' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: test_a.exe3    Result: MALWARE

The file 'test_a.exe3' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.etc. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

[ Last edited by sam.to on 2009-9-14 16:36 ]

sam.to
Original poster | Posted on 2009-9-13 00:36:52

to kl,ll,antivir

25450464          test_b.exe01          1.03 MB          UNDER ANALYSIS
25450465          aunt_a.exe01          391 KB          MALWARE



Hello,


aunt_a.exe01 - Email-Worm.Win32.Iksmas.etf
aunt_b.exe01 - Trojan-Downloader.Win32.FraudLoad.wrfa
steelman_b.exe01 - Trojan-Downloader.Win32.FraudLoad.wrfb
test_b.exe01 - Trojan-Downloader.Win32.FraudLoad.wrfc
william_b.e01xe - Trojan-Downloader.Win32.FraudLoad.wrfd

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.


Filename: test_b.exe01    Result: MALWARE

The file 'test_b.exe01' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: aunt_a.exe01    Result: MALWARE

The file 'aunt_a.exe01' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/AdSpy.Gen. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IE exploits are used to manipulate the browserhelp.dll. This malware is detected by a special detection routine from the engine module.

[ Last edited by sam.to on 2009-9-14 15:06 ]

sam.to
Original poster | Posted on 2009-9-13 14:11:48


to kl,ll,antivir,eset,comodo,mcafee


25450710          william_b.ex1e          1.03 MB          UNDER ANALYSIS
25450711          steelman_a.e2xe          400.5 KB          UNDER ANALYSIS
25450712          william_b.ex2e          1.03 MB          UNDER ANALYSIS
25450713          steelman_b.exe3          1.03 MB          UNDER ANALYSIS
25450714          steelman_a.ex1e          746.5 KB          UNDER ANALYSIS
25450715          steelman_a.ex3e          746 KB          UNDER ANALYSIS



http://sample.nod32.com.hk/index ... 0e3fea2d3a43ec9526c
http://sample.nod32.com.hk/index ... f459cba0ff342a85e1c



Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.


aunt_b.e1xe
        Trojan-Downloader.Win32.FraudLoad.wrlf

aunt_b.ex2e
        Trojan-Downloader.Win32.FraudLoad.wrlg

aunt_b.ex3e
        Trojan-Downloader.Win32.FraudLoad.wrlh

steelman_a.e2xe
        Email-Worm.Win32.Iksmas.eua

steelman_a.ex1e
        Email-Worm.Win32.Iksmas.eub

steelman_a.ex3e
        Email-Worm.Win32.Iksmas.euc

steelman_b.e1xe
        Trojan-Downloader.Win32.FraudLoad.wrli

steelman_b.e2xe
        Trojan-Downloader.Win32.FraudLoad.wrlj

steelman_b.exe3
        Trojan-Downloader.Win32.FraudLoad.wrlk

test_b.e1xe
        Trojan-Downloader.Win32.FraudLoad.wrll

test_b.e3xe
        Trojan-Downloader.Win32.FraudLoad.wrlm

test_b.ex2e
        Trojan-Downloader.Win32.FraudLoad.fmx

william_b.ex1e
        Trojan-Downloader.Win32.FraudLoad.wrlo

william_b.ex2e
        Trojan-Downloader.Win32.FraudLoad.fmx

william_b.ex3e
        Trojan-Downloader.Win32.FraudLoad.wrlp

>
>
Regards, Tatarinov Ivan
Virus Analyst




Filename: william_b.ex1e    Result: MALWARE

The file 'william_b.ex1e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: steelman_a.e2xe    Result: MALWARE

The file 'steelman_a.e2xe' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.eua. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: william_b.ex2e    Result: MALWARE

The file 'william_b.ex2e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: steelman_b.exe3    Result: MALWARE

The file 'steelman_b.exe3' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: steelman_a.ex1e    Result: MALWARE

The file 'steelman_a.ex1e' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.eub. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: steelman_a.ex3e    Result: MALWARE

The file 'steelman_a.ex3e' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.euc. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

[ Last edited by sam.to on 2009-9-14 16:40 ]

sam.to
Original poster | Posted on 2009-9-13 17:49:33


TO KL,LL,ANTIVIR

25450786          steelman_a.e2xe          399.5 KB          UNDER ANALYSIS
25450787          test_b.ex2e          1.03 MB          UNDER ANALYSIS
25450788          william_b.exe1          1.03 MB          UNDER ANALYSIS
25450789          steelman_a.ex3e          746 KB          UNDER ANALYSIS
25450790          test_b.exe3          1.03 MB          UNDER ANALYSIS
25450791          test_a.exe1          391.5 KB          MALWARE



Hello,


aunt_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrlq
aunt_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrlr
aunt_b.exe3 - Trojan-Downloader.Win32.FraudLoad.wrls
steelman_a.e2xe - Email-Worm.Win32.Iksmas.euf
steelman_a.ex3e - Email-Worm.Win32.Iksmas.eug
steelman_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrlt
steelman_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrlu
steelman_b.ex3e - Trojan-Downloader.Win32.FraudLoad.wrlv
test_a.exe1 - Email-Worm.Win32.Iksmas.eud
test_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrlw
test_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrlx
test_b.exe3 - Trojan-Downloader.Win32.FraudLoad.wrly
william_b.e2xe - Trojan-Downloader.Win32.FraudLoad.wrlz
william_b.ex3e - Trojan-Downloader.Win32.FraudLoad.wrma
william_b.exe1 - Trojan-Downloader.Win32.FraudLoad.wrmb

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

>
>
Regards, Tatarinov Ivan
Virus Analyst



Filename: steelman_a.e2xe    Result: MALWARE

The file 'steelman_a.e2xe' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.euf. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: test_b.ex2e    Result: MALWARE

The file 'test_b.ex2e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: william_b.exe1    Result: MALWARE

The file 'william_b.exe1' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: steelman_a.ex3e    Result: MALWARE

The file 'steelman_a.ex3e' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.eug. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: test_b.exe3    Result: MALWARE

The file 'test_b.exe3' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: test_a.exe1    Result: MALWARE

The file 'test_a.exe1' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/AdSpy.Gen. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IE exploits are used to manipulate the browserhelp.dll. This malware is detected by a special detection routine from the engine module.

[ Last edited by sam.to on 2009-9-14 16:38 ]

sam.to
Original poster | Posted on 2009-9-13 22:19:17

to kl,ll,antivir


25450916          aunt_b.exe1          1.03 MB          UNDER ANALYSIS
25450917          william_b.exe3          1.03 MB          UNDER ANALYSIS
25450918          steelman_a.ex1e          737.5 KB          UNDER ANALYSIS
25450919          steelman_a.ex2e          401 KB          UNDER ANALYSIS
25450920          aunt_a.exe3          399.5 KB          UNDER ANALYSIS



Hello,


aunt_a.exe3 - Email-Worm.Win32.Iksmas.euk
aunt_b.ex2e, aunt_b.ex3e - Trojan-Downloader.Win32.FraudLoad.wrmf
aunt_b.exe1, steelman_b.ex1e, test_b.ex1e, william_b.e1xe - Trojan-Dropper.Win32.FrauDrop.nr
steelman_a.ex1e - Email-Worm.Win32.Iksmas.eul
steelman_a.ex2e - Email-Worm.Win32.Iksmas.eum
steelman_b.e2xe, steelman_b.e3xe - Trojan-Downloader.Win32.FraudLoad.wrmh
test_b.ex2e, test_b.exe3 - Trojan-Downloader.Win32.FraudLoad.wrme
william_b.e2xe, william_b.exe3 - Trojan-Downloader.Win32.FraudLoad.wrmj

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

>
>
Regards, Tatarinov Ivan
Virus Analyst




Filename: aunt_b.exe1    Result: MALWARE

The file 'aunt_b.exe1' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: william_b.exe3    Result: MALWARE

The file 'william_b.exe3' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: steelman_a.ex1e    Result: MALWARE

The file 'steelman_a.ex1e' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.eul. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: steelman_a.ex2e    Result: MALWARE

The file 'steelman_a.ex2e' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.eum. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

Filename: aunt_a.exe3    Result: MALWARE

The file 'aunt_a.exe3' has been determined to be 'MALWARE'. Our analysts named the threat Worm/Iksmas.euk. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.). Detection is added to our virus definition file (VDF) starting with version 7.01.05.237.

[ Last edited by sam.to on 2009-9-14 16:40 ]

sam.to
Original poster | Posted on 2009-9-14 16:26:37

TO KL,LL,ANTIVIR



25451315          test_b.ex3e          1.03 MB          UNDER ANALYSIS
25451316          aunt_a.ex1e          745.5 KB          UNDER ANALYSIS
25451317          william_b.ex1e          1.03 MB          UNDER ANALYSIS
25451318          william_b.ex2e          1.03 MB          UNDER ANALYSIS
25451319          steelman_a.ex2e          743.5 KB          UNDER ANALYSIS
25451320          aunt_a.ex3e          390 KB          MALWARE




Hello,


aunt_a.ex1e - Email-Worm.Win32.Iksmas.eus
aunt_a.ex3e - Email-Worm.Win32.Iksmas.eut
aunt_b.e3xe - Trojan-Downloader.Win32.FraudLoad.wrti
aunt_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrtk
aunt_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrtl
steelman_a.ex2e - Email-Worm.Win32.Iksmas.euu
steelman_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrtm
steelman_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrtn
steelman_b.ex3e - Trojan-Downloader.Win32.FraudLoad.wrto
test_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrtq
test_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrtr
test_b.ex3e - Trojan-Downloader.Win32.FraudLoad.wrts
william_b.e3xe - Trojan-Downloader.Win32.FraudLoad.wrtt
william_b.ex1e - Trojan-Downloader.Win32.FraudLoad.wrtu
william_b.ex2e - Trojan-Downloader.Win32.FraudLoad.wrub

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

>
>
------
Best regards, Ilya Tolstikhin
Virus analyst, Kaspersky Lab.



Filename: test_b.ex3e    Result: MALWARE

The file 'test_b.ex3e' has been determined to be 'MALWARE'. Our analysts named the threat TR/FakeAlert.1079328. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename: aunt_a.ex1e    Result: DAMAGED FILE (UNKNOWN)

The file 'aunt_a.ex1e' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

Filename: william_b.ex1e    Result: MALWARE

The file 'william_b.ex1e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: william_b.ex2e    Result: MALWARE

The file 'william_b.ex2e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: steelman_a.ex2e    Result: DAMAGED FILE (UNKNOWN)

The file 'steelman_a.ex2e' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

Filename: aunt_a.ex3e    Result: MALWARE

The file 'aunt_a.ex3e' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/AdSpy.Gen. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IE exploits are used to manipulate the browserhelp.dll. This malware is detected by a special detection routine from the engine module.

[ Last edited by sam.to on 2009-9-14 20:44 ]


Rating: linjw, popularity +1 (reason: thanks for the hard work reporting~)

sam.to
Original poster | Posted on 2009-9-14 21:41:59


to kl,ll,comodo,antivir




25451567          steelman_b.ex1e          1.03 MB          UNDER ANALYSIS
25451568          steelman_a.ex1e          390 KB          MALWARE
25451569          steelman_a.ex2e          743 KB          UNDER ANALYSIS



Hello,


aunt_b.e1xe, steelman_a.ex1e, steelman_b.ex1e, test_b.e1xe, william_b.e1xe - Packed.Win32.Krap.x
steelman_a.ex2e - Packed.Win32.Krap.w

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.



Filename: steelman_b.ex1e    Result: MALWARE

The file 'steelman_b.ex1e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. This malware is detected by a special detection routine from the engine module.

Filename: steelman_a.ex1e    Result: MALWARE

The file 'steelman_a.ex1e' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/AdSpy.Gen. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IE exploits are used to manipulate the browserhelp.dll. This malware is detected by a special detection routine from the engine module.

Filename: steelman_a.ex2e    Result: MALWARE

The file 'steelman_a.ex2e' has been determined to be 'MALWARE'. Our analysts named the threat TR/Waledac.mywd.19. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

[ Last edited by sam.to on 2009-9-15 15:06 ]

sam.to
Original poster | Posted on 2009-9-14 23:36:04
I guess this one is a GEN detection, so once again no update is needed~~~~