Possible virus in X-Mule

MaxBad62
Sun 31 Aug 2008 - 18:47

Registered user #11995
Joined: Mon 23 Jun 2008 - 18:49
Location: Vicenza
Posts: 31

Since a scan with ClamAV reported the presence of a Trojan, I decided to have the file scanned on Virus Total as well.
The file in question is X-Mule, which should be the X-launcher.

Now I'm a bit reluctant to run it. Can anyone tell me more about this??
Thanks, and congratulations on this wonderful project!!

These are the Virus Total results.

Antivirus Version Last update Result
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.31 -
Authentium 5.1.0.4 2008.08.30 -
Avast 4.8.1195.0 2008.08.30 -
AVG 8.0.0.161 2008.08.30 -
BitDefender 7.2 2008.08.31 -
CAT-QuickHeal 9.50 2008.08.29 I-Worm.Sohanad.e
ClamAV 0.93.1 2008.08.31 Trojan.Qhost-166
DrWeb 4.44.0.09170 2008.08.31 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6057 2008.08.29 -
Ewido 4.0 2008.08.31 -
F-Prot 4.4.4.56 2008.08.30 -
Fortinet 3.14.0.0 2008.08.31 PossibleThreat
GData 19 2008.08.31 -
Ikarus T3.1.1.34.0 2008.08.31 -
K7AntiVirus 7.10.433 2008.08.30 -
Kaspersky 7.0.0.125 2008.08.31 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3401 2008.08.30 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.31 -
PCTools 4.4.2.0 2008.08.31 -
Prevx1 V2 2008.08.31 -
Rising 20.59.61.00 2008.08.31 -
Sophos 4.33.0 2008.08.31 -
Sunbelt 3.1.1592.1 2008.08.30 -
Symantec 10 2008.08.31 -
TheHacker 6.3.0.6.068 2008.08.30 -
TrendMicro 8.700.0.1004 2008.08.31 -
VBA32 3.12.8.4 2008.08.30 -
ViRobot 2008.8.30.1357 2008.08.30 -
VirusBuster 4.5.11.0 2008.08.31 -
Webwasher-Gateway 6.6.2 2008.08.31 -
Additional information
File size: 574077 bytes
MD5...: 9040f675b76e0377e082430c1e725d5d
SHA1..: e6af55ef59b88c887ec5735c58dd7aaad3c128f5
SHA256: 67bf0a43278529575b493c5dd69feb014065de733f01e8a4fa80fa27cfd51f8f
SHA512: 6721da7850bb1b5b2b575c093bab1641dadba0845b06d81eafe2f64b03373b28
ee2f758db4a825e534fad8f2eebb0d1a3afc6890706fe60db431932e4dd159b7
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4422e4
timedatestamp.....: 0x44df14f2 (Sun Aug 13 12:02:58 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4e33d 0x4e400 6.57 0d4237c44d173562097be7f451cca9e6
.rdata 0x50000 0x9122 0x9200 5.37 7450b3d753d449720eacb5581fc4a13f
.data 0x5a000 0x15654 0x2400 4.06 2cb2cad3ed8365c4d051b5826abd7f01
.rsrc 0x70000 0x2b000 0x2ae00 4.11 9e05d09930e08abda263ba92ef16bb29

( 13 imports )

( 0 exports )

[ Edited Sun 31 Aug 2008 - 19:06 ]
Danix
Sun 31 Aug 2008 - 21:20

Registered user #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
Welcome to winPenPack

Can anyone tell me more about this??

As it happens: -Link-
MaxBad62
Mon 01 Sep 2008 - 07:22

Registered user #11995
Joined: Mon 23 Jun 2008 - 18:49
Location: Vicenza
Posts: 31
Thanks Danix!!!
So I gather I can use it without worry?!?
Danix
Sun 14 Sep 2008 - 15:33

Registered user #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
Problem solved with ClamWin (see homepage)

after running a scan with ClamAV

ClamAV or ClamWin?
MaxBad62
Sun 14 Sep 2008 - 16:44

Registered user #11995
Joined: Mon 23 Jun 2008 - 18:49
Location: Vicenza
Posts: 31
Thanks a million Danix. Great work!! Don't you ever rest??
Anyway, I had already decided to trust it, given that the percentage of antivirus engines that
detected a possible infection was so small.

Sorry Danix, it was ClamWin!

[ Edited Sun 14 Sep 2008 - 17:27 ]