Possible virus in X-Mule |
Author | Post |
MaxBad62 |
Registered Member #11995 Joined: Mon 23 Jun 2008 - 18:49 Location: Vicenza Posts: 31 | Since a scan with ClamAV reported the presence of a Trojan, I wanted to have the file scanned on VirusTotal. The file in question is X-Mule, which should be the X-launcher. Now I am a bit reluctant to run it. Can anyone tell me more about it?? Thanks, and congratulations on this wonderful project!! These are the VirusTotal results.
Antivirus | Version | Last update | Result
AhnLab-V3 | 2008.8.29.0 | 2008.08.29 | -
AntiVir | 7.8.1.23 | 2008.08.31 | -
Authentium | 5.1.0.4 | 2008.08.30 | -
Avast | 4.8.1195.0 | 2008.08.30 | -
AVG | 8.0.0.161 | 2008.08.30 | -
BitDefender | 7.2 | 2008.08.31 | -
CAT-QuickHeal | 9.50 | 2008.08.29 | I-Worm.Sohanad.e
ClamAV | 0.93.1 | 2008.08.31 | Trojan.Qhost-166
DrWeb | 4.44.0.09170 | 2008.08.31 | -
eSafe | 7.0.17.0 | 2008.08.28 | -
eTrust-Vet | 31.6.6057 | 2008.08.29 | -
Ewido | 4.0 | 2008.08.31 | -
F-Prot | 4.4.4.56 | 2008.08.30 | -
Fortinet | 3.14.0.0 | 2008.08.31 | PossibleThreat
GData | 19 | 2008.08.31 | -
Ikarus | T3.1.1.34.0 | 2008.08.31 | -
K7AntiVirus | 7.10.433 | 2008.08.30 | -
Kaspersky | 7.0.0.125 | 2008.08.31 | -
McAfee | 5373 | 2008.08.29 | -
Microsoft | 1.3807 | 2008.08.25 | -
NOD32v2 | 3401 | 2008.08.30 | -
Norman | 5.80.02 | 2008.08.29 | -
Panda | 9.0.0.4 | 2008.08.31 | -
PCTools | 4.4.2.0 | 2008.08.31 | -
Prevx1 | V2 | 2008.08.31 | -
Rising | 20.59.61.00 | 2008.08.31 | -
Sophos | 4.33.0 | 2008.08.31 | -
Sunbelt | 3.1.1592.1 | 2008.08.30 | -
Symantec | 10 | 2008.08.31 | -
TheHacker | 6.3.0.6.068 | 2008.08.30 | -
TrendMicro | 8.700.0.1004 | 2008.08.31 | -
VBA32 | 3.12.8.4 | 2008.08.30 | -
ViRobot | 2008.8.30.1357 | 2008.08.30 | -
VirusBuster | 4.5.11.0 | 2008.08.31 | -
Webwasher-Gateway | 6.6.2 | 2008.08.31 | -
Additional information
File size: 574077 bytes
MD5: 9040f675b76e0377e082430c1e725d5d
SHA1: e6af55ef59b88c887ec5735c58dd7aaad3c128f5
SHA256: 67bf0a43278529575b493c5dd69feb014065de733f01e8a4fa80fa27cfd51f8f
SHA512: 6721da7850bb1b5b2b575c093bab1641dadba0845b06d81eafe2f64b03373b28ee2f758db4a825e534fad8f2eebb0d1a3afc6890706fe60db431932e4dd159b7
Danix |
Registered Member #1 Joined: Fri 29 Dec 2006 - 05:38 Location: Sassari Posts: 12956 | Welcome to winPenPack. "Can anyone tell me more about it??" Precisely: -Link- | ||
MaxBad62 |
Registered Member #11995 Joined: Mon 23 Jun 2008 - 18:49 Location: Vicenza Posts: 31 | Thanks Danix!!! So I take it I can use it without worries?!? | ||
Danix |
Registered Member #1 Joined: Fri 29 Dec 2006 - 05:38 Location: Sassari Posts: 12956 | Problem solved with ClamWin (see the homepage). "after running a scan with ClamAV": ClamAV or ClamWin? | ||
MaxBad62 |
Registered Member #11995 Joined: Mon 23 Jun 2008 - 18:49 Location: Vicenza Posts: 31 | Thanks a million, Danix. Great work!! Don't you ever rest?? Anyway, I had already decided to trust it, since the percentage of antivirus engines that flagged a possible infection was so small. Sorry Danix, it was ClamWin! [ Edited Sun 14 Sep 2008 - 17:27 ] | ||