[Not curable - Virut] Need serious help
- Thread starter domino23
- Start date
- Status
Broni
Posts: 56,041 +516
Upload following files to http://www.virustotal.com/ for security check:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
Post scans results.
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
Post scans results.
Broni
Posts: 56,041 +516
You are infected with a polymorphic file infector (Virut in your case). This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.
Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf
Backup all your documents and important items only.
DO NOT backup any files mentioned above.
I suggest you do the following immediately:
* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.
To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.
Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.
To find out more information about how you may have got infected in the first place, you can read this article.
I am sorry I cannot give any better news.
Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
Backup all your documents and important items only.
DO NOT backup any files mentioned above.
I suggest you do the following immediately:
* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.
To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.
Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.
To find out more information about how you may have got infected in the first place, you can read this article.
I am sorry I cannot give any better news.
domino23
Posts: 49 +0
ok bro i reinstalled XP and the computer is running a little better BUT there's something still wrong. my avg is still detecting small infections every hour or so and my explorer still keeps freezing up until i close it off in the task manager and restart explorer... anything else i can do?
Broni
Posts: 56,041 +516
OK. I don't want to mix this new issue with Virut topic, so I suggest you start new topic and we'll check what's going on.
Go through all 8 steps, post logs and include a note in your new topic, requesting my personal help (since I'm familiar with your case), so Bobbye won't reply there.
You can also PM me, when you create new topic.
Before you do that, I want you to do one thing (you can reply here), so we're sure, we're not dealing with same (Virut) issue.
Upload following files to http://www.virustotal.com/ for security check:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
Post scans results.
Go through all 8 steps, post logs and include a note in your new topic, requesting my personal help (since I'm familiar with your case), so Bobbye won't reply there.
You can also PM me, when you create new topic.
Before you do that, I want you to do one thing (you can reply here), so we're sure, we're not dealing with same (Virut) issue.
Upload following files to http://www.virustotal.com/ for security check:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
Post scans results.
domino23
Posts: 49 +0
explorer
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.06 Virus.Win32.Virut.q!IK
AhnLab-V3 2010.07.06.00 2010.07.05 Win32/Virut
AntiVir 8.2.4.2 2010.07.05 W32/Virut.AT
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.06 W32/Virut.AG
Avast 4.8.1351.0 2010.07.06 Win32:Virtob
Avast5 5.0.332.0 2010.07.06 Win32:Virtob
AVG 9.0.0.836 2010.07.05 Win32/Virut
BitDefender 7.2 2010.07.06 Win32.Virtob.7.Gen
CAT-QuickHeal 11.00 2010.06.30 W32.Virut.E
ClamAV 0.96.0.3-git 2010.07.06 Trojan.Small-4287
Comodo 5332 2010.07.06 Backdoor.Win32.Nepoe.em1
DrWeb 5.0.2.03300 2010.07.06 Win32.Virut.27
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet None 2010.07.05 Win32/Virut.6640
F-Prot 4.6.1.107 2010.07.05 W32/Virut.AG
F-Secure 9.0.15370.0 2010.07.06 Win32.Virtob.7.Gen
Fortinet 4.1.133.0 2010.07.04 W32/Virut.J
GData 21 2010.07.06 Win32.Virtob.7.Gen
Ikarus T3.1.1.84.0 2010.07.06 Virus.Win32.Virut.q
Jiangmin 13.0.900 2010.07.03 Win32/Virut.ae
Kaspersky 7.0.0.125 2010.07.06 Virus.Win32.Virut.at
McAfee 5.400.0.1158 2010.07.06 W32/Virut.gen.a
McAfee-GW-Edition 2010.1 2010.07.05 W32/Virut.gen.a
Microsoft 1.5902 2010.07.03 Virus:Win32/Virut.AA
NOD32 5253 2010.07.05 Win32/Virut.AT
Norman 6.05.10 2010.07.05 W32/Virut.AH
nProtect 2010-07-05.01 2010.07.05 Virus/W32.Virut.K
Panda 10.0.2.7 2010.07.06 W32/Virutas.AH
PCTools 7.0.3.5 2010.07.06 Malware.Virut
Prevx 3.0 2010.07.06 -
Rising 22.55.01.01 2010.07.06 Win32.Virut.al
Sophos 4.54.0 2010.07.06 W32/Virut-Gen
Sunbelt 6548 2010.07.06 Virus.Win32.Virut.a (v)
Symantec 20101.1.0.89 2010.07.06 W32.Virut.W
TheHacker 6.5.2.1.308 2010.07.05 W32/Virut.genS
TrendMicro 9.120.0.1004 2010.07.06 PE_VIRUT.AT
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 PE_VIRUT.AT
VBA32 3.12.12.5 2010.07.05 Virus.Win32.Virut.2
ViRobot 2010.6.29.3912 2010.07.05 Win32.Virut.U
VirusBuster 5.0.27.0 2010.07.05 Win32.Virut.Gen.4
Additional information
File size: 1039360 bytes
MD5...: 7c64beb12a9eb831047b64645ba1995b
SHA1..: 77f4e2607a45705d9ba7b5424055cc111813e8d2
SHA256: 7ef95478fd103066f6d7863b74169ebad3916462248a1582b92443a0d0775c53
ssdeep: 12288:gzEut4RuAwGgc7fNuIEGpPoHWr2Rkf8I+skzan1/g/J/v5nn71:gzEuAwj
2fNuIhakf8I+sk81/g/J/JnR
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xfe800
timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44689 0x44800 6.38 b257b3cd7102cece46cd7366aff0f34b
.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
.rsrc 0x48000 0xb2278 0xb2400 6.63 abf6dc1befe1a4a4c7f6ef51d1a6f907
.reloc 0xfb000 0x9800 0x5400 7.26 8bacbaca8c453710149cf245a15b4d54
( 13 imports )
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> BROWSEUI.dll: -, -, -, -
> SHDOCVW.dll: -, -, -
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.06 Virus.Win32.Virut.q!IK
AhnLab-V3 2010.07.06.00 2010.07.05 Win32/Virut
AntiVir 8.2.4.2 2010.07.05 W32/Virut.AT
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.06 W32/Virut.AG
Avast 4.8.1351.0 2010.07.06 Win32:Virtob
Avast5 5.0.332.0 2010.07.06 Win32:Virtob
AVG 9.0.0.836 2010.07.05 Win32/Virut
BitDefender 7.2 2010.07.06 Win32.Virtob.7.Gen
CAT-QuickHeal 11.00 2010.06.30 W32.Virut.E
ClamAV 0.96.0.3-git 2010.07.06 Trojan.Small-4287
Comodo 5332 2010.07.06 Backdoor.Win32.Nepoe.em1
DrWeb 5.0.2.03300 2010.07.06 Win32.Virut.27
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet None 2010.07.05 Win32/Virut.6640
F-Prot 4.6.1.107 2010.07.05 W32/Virut.AG
F-Secure 9.0.15370.0 2010.07.06 Win32.Virtob.7.Gen
Fortinet 4.1.133.0 2010.07.04 W32/Virut.J
GData 21 2010.07.06 Win32.Virtob.7.Gen
Ikarus T3.1.1.84.0 2010.07.06 Virus.Win32.Virut.q
Jiangmin 13.0.900 2010.07.03 Win32/Virut.ae
Kaspersky 7.0.0.125 2010.07.06 Virus.Win32.Virut.at
McAfee 5.400.0.1158 2010.07.06 W32/Virut.gen.a
McAfee-GW-Edition 2010.1 2010.07.05 W32/Virut.gen.a
Microsoft 1.5902 2010.07.03 Virus:Win32/Virut.AA
NOD32 5253 2010.07.05 Win32/Virut.AT
Norman 6.05.10 2010.07.05 W32/Virut.AH
nProtect 2010-07-05.01 2010.07.05 Virus/W32.Virut.K
Panda 10.0.2.7 2010.07.06 W32/Virutas.AH
PCTools 7.0.3.5 2010.07.06 Malware.Virut
Prevx 3.0 2010.07.06 -
Rising 22.55.01.01 2010.07.06 Win32.Virut.al
Sophos 4.54.0 2010.07.06 W32/Virut-Gen
Sunbelt 6548 2010.07.06 Virus.Win32.Virut.a (v)
Symantec 20101.1.0.89 2010.07.06 W32.Virut.W
TheHacker 6.5.2.1.308 2010.07.05 W32/Virut.genS
TrendMicro 9.120.0.1004 2010.07.06 PE_VIRUT.AT
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 PE_VIRUT.AT
VBA32 3.12.12.5 2010.07.05 Virus.Win32.Virut.2
ViRobot 2010.6.29.3912 2010.07.05 Win32.Virut.U
VirusBuster 5.0.27.0 2010.07.05 Win32.Virut.Gen.4
Additional information
File size: 1039360 bytes
MD5...: 7c64beb12a9eb831047b64645ba1995b
SHA1..: 77f4e2607a45705d9ba7b5424055cc111813e8d2
SHA256: 7ef95478fd103066f6d7863b74169ebad3916462248a1582b92443a0d0775c53
ssdeep: 12288:gzEut4RuAwGgc7fNuIEGpPoHWr2Rkf8I+skzan1/g/J/v5nn71:gzEuAwj
2fNuIhakf8I+sk81/g/J/JnR
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xfe800
timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44689 0x44800 6.38 b257b3cd7102cece46cd7366aff0f34b
.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
.rsrc 0x48000 0xb2278 0xb2400 6.63 abf6dc1befe1a4a4c7f6ef51d1a6f907
.reloc 0xfb000 0x9800 0x5400 7.26 8bacbaca8c453710149cf245a15b4d54
( 13 imports )
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> BROWSEUI.dll: -, -, -, -
> SHDOCVW.dll: -, -, -
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
domino23
Posts: 49 +0
svc
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.06 -
AhnLab-V3 2010.07.06.00 2010.07.05 -
AntiVir 8.2.4.2 2010.07.05 -
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.06 -
Avast 4.8.1351.0 2010.07.06 -
Avast5 5.0.332.0 2010.07.06 -
AVG 9.0.0.836 2010.07.05 -
BitDefender 7.2 2010.07.06 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.06 -
Comodo 5332 2010.07.06 -
DrWeb 5.0.2.03300 2010.07.06 -
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet 36.1.7687 2010.07.05 -
F-Prot 4.6.1.107 2010.07.05 -
F-Secure 9.0.15370.0 2010.07.06 -
Fortinet 4.1.133.0 2010.07.04 -
GData 21 2010.07.06 -
Ikarus T3.1.1.84.0 2010.07.06 -
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.06 -
McAfee 5.400.0.1158 2010.07.06 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.03 -
NOD32 5253 2010.07.05 -
Norman 6.05.10 2010.07.05 -
nProtect 2010-07-05.01 2010.07.05 -
Panda 10.0.2.7 2010.07.06 -
PCTools 7.0.3.5 2010.07.06 -
Prevx 3.0 2010.07.06 -
Rising 22.55.01.01 2010.07.06 -
Sophos 4.54.0 2010.07.06 -
Sunbelt 6548 2010.07.06 -
Symantec 20101.1.0.89 2010.07.06 -
TheHacker 6.5.2.1.308 2010.07.05 -
TrendMicro 9.120.0.1004 2010.07.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 -
VBA32 3.12.12.5 2010.07.05 -
ViRobot 2010.6.29.3912 2010.07.06 -
VirusBuster 5.0.27.0 2010.07.05 -
Additional information
File size: 14336 bytes
MD5...: 8f078ae4ed187aaabc0a305146de6716
SHA1..: da0ff4006859a7580aba81f486f692dead2014fe
SHA256: 16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a
ssdeep: 384:cpiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:dT/3Ska6Lh8C
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x41107ed6 (Wed Aug 04 06:14:46 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c00 0x2c00 6.29 6fc4d075dfb37185ffae8eacb467b822
.data 0x4000 0x1f0 0x200 1.61 553c0ebbbc67abab785f2065a062b522
.rsrc 0x5000 0x418 0x600 2.54 2997285df9158db5a62ffb42a2fd0d07
( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.06 -
AhnLab-V3 2010.07.06.00 2010.07.05 -
AntiVir 8.2.4.2 2010.07.05 -
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.06 -
Avast 4.8.1351.0 2010.07.06 -
Avast5 5.0.332.0 2010.07.06 -
AVG 9.0.0.836 2010.07.05 -
BitDefender 7.2 2010.07.06 -
CAT-QuickHeal 11.00 2010.06.30 -
ClamAV 0.96.0.3-git 2010.07.06 -
Comodo 5332 2010.07.06 -
DrWeb 5.0.2.03300 2010.07.06 -
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet 36.1.7687 2010.07.05 -
F-Prot 4.6.1.107 2010.07.05 -
F-Secure 9.0.15370.0 2010.07.06 -
Fortinet 4.1.133.0 2010.07.04 -
GData 21 2010.07.06 -
Ikarus T3.1.1.84.0 2010.07.06 -
Jiangmin 13.0.900 2010.07.03 -
Kaspersky 7.0.0.125 2010.07.06 -
McAfee 5.400.0.1158 2010.07.06 -
McAfee-GW-Edition 2010.1 2010.07.05 -
Microsoft 1.5902 2010.07.03 -
NOD32 5253 2010.07.05 -
Norman 6.05.10 2010.07.05 -
nProtect 2010-07-05.01 2010.07.05 -
Panda 10.0.2.7 2010.07.06 -
PCTools 7.0.3.5 2010.07.06 -
Prevx 3.0 2010.07.06 -
Rising 22.55.01.01 2010.07.06 -
Sophos 4.54.0 2010.07.06 -
Sunbelt 6548 2010.07.06 -
Symantec 20101.1.0.89 2010.07.06 -
TheHacker 6.5.2.1.308 2010.07.05 -
TrendMicro 9.120.0.1004 2010.07.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 -
VBA32 3.12.12.5 2010.07.05 -
ViRobot 2010.6.29.3912 2010.07.06 -
VirusBuster 5.0.27.0 2010.07.05 -
Additional information
File size: 14336 bytes
MD5...: 8f078ae4ed187aaabc0a305146de6716
SHA1..: da0ff4006859a7580aba81f486f692dead2014fe
SHA256: 16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a
ssdeep: 384:cpiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:dT/3Ska6Lh8C
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x41107ed6 (Wed Aug 04 06:14:46 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c00 0x2c00 6.29 6fc4d075dfb37185ffae8eacb467b822
.data 0x4000 0x1f0 0x200 1.61 553c0ebbbc67abab785f2065a062b522
.rsrc 0x5000 0x418 0x600 2.54 2997285df9158db5a62ffb42a2fd0d07
( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
domino23
Posts: 49 +0
what do you mean? and i wonder if the key is i didn't disconnect?
domino23
Posts: 49 +0
user
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.06 Trojan.Agent2!IK
AhnLab-V3 2010.07.06.00 2010.07.05 Win32/Virut
AntiVir 8.2.4.2 2010.07.05 W32/Virut.AT
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.06 W32/Virut.AG
Avast 4.8.1351.0 2010.07.06 Win32:Virtob
Avast5 5.0.332.0 2010.07.06 Win32:Virtob
AVG 9.0.0.836 2010.07.05 Win32/Virut
BitDefender 7.2 2010.07.06 Win32.Virtob.7.Gen
CAT-QuickHeal 11.00 2010.06.30 W32.Virut.E
ClamAV 0.96.0.3-git 2010.07.06 Trojan.Small-4287
Comodo 5332 2010.07.06 Backdoor.Win32.Nepoe.em1
DrWeb 5.0.2.03300 2010.07.06 Win32.Virut.27
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet 36.1.7687 2010.07.05 Win32/Virut.6640
F-Prot 4.6.1.107 2010.07.05 W32/Virut.AG
F-Secure 9.0.15370.0 2010.07.06 Win32.Virtob.7.Gen
Fortinet 4.1.133.0 2010.07.04 W32/Virut.J
GData 21 2010.07.06 Win32.Virtob.7.Gen
Ikarus T3.1.1.84.0 2010.07.06 Trojan.Agent2
Jiangmin 13.0.900 2010.07.03 Win32/Virut.ae
Kaspersky 7.0.0.125 2010.07.06 Virus.Win32.Virut.at
McAfee 5.400.0.1158 2010.07.06 W32/Virut.gen.a
McAfee-GW-Edition 2010.1 2010.07.05 Heuristic.LooksLike.Win32.SuspiciousPE.J
Microsoft 1.5902 2010.07.03 Virus:Win32/Virut.AA
NOD32 5253 2010.07.05 Win32/Virut.AT
Norman 6.05.10 2010.07.05 W32/Virut.AH
nProtect 2010-07-05.01 2010.07.05 Virus/W32.Virut.K
Panda 10.0.2.7 2010.07.06 W32/Virutas.AH
PCTools 7.0.3.5 2010.07.06 Malware.Virut
Prevx 3.0 2010.07.06 -
Rising 22.55.01.01 2010.07.06 Win32.Virut.al
Sophos 4.54.0 2010.07.06 W32/Virut-Gen
Sunbelt 6548 2010.07.06 Virus.Win32.Virut.a (v)
Symantec 20101.1.0.89 2010.07.06 W32.Virut.W
TheHacker 6.5.2.1.308 2010.07.05 W32/Virut.genS
TrendMicro 9.120.0.1004 2010.07.06 PE_VIRUT.AT
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 PE_VIRUT.AT
VBA32 3.12.12.5 2010.07.05 Virus.Win32.Virut.2
ViRobot 2010.6.29.3912 2010.07.06 Win32.Virut.U
VirusBuster 5.0.27.0 2010.07.05 Win32.Virut.Gen.4
Additional information
File size: 31744 bytes
MD5...: 710a9045fa363c59f85cb35f9fff9de9
SHA1..: f0d574472a2957a41389035ca0ca3816371d8800
SHA256: 7367d8aa2cfc86c7bd5394239a7af9ffc6d947d67270e17b3f82c0e92058c426
ssdeep: 768:5JDUaxgu5YEVBxkjuv7wbaLa4PU4b7rw1a0GF+:5JHxIEVBvT2aLa4PUO7J
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7c00
timedatestamp.....: 0x41107b78 (Wed Aug 04 06:00:24 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4db8 0x4e00 6.01 16aee663ed180007a0bf5bf24b845096
.data 0x6000 0x14c 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
.rsrc 0x7000 0x6c00 0x2800 6.80 731c280eab5875531bb55c7ab3fea2f6
( 7 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
> KERNEL32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.06 Trojan.Agent2!IK
AhnLab-V3 2010.07.06.00 2010.07.05 Win32/Virut
AntiVir 8.2.4.2 2010.07.05 W32/Virut.AT
Antiy-AVL 2.0.3.7 2010.07.02 -
Authentium 5.2.0.5 2010.07.06 W32/Virut.AG
Avast 4.8.1351.0 2010.07.06 Win32:Virtob
Avast5 5.0.332.0 2010.07.06 Win32:Virtob
AVG 9.0.0.836 2010.07.05 Win32/Virut
BitDefender 7.2 2010.07.06 Win32.Virtob.7.Gen
CAT-QuickHeal 11.00 2010.06.30 W32.Virut.E
ClamAV 0.96.0.3-git 2010.07.06 Trojan.Small-4287
Comodo 5332 2010.07.06 Backdoor.Win32.Nepoe.em1
DrWeb 5.0.2.03300 2010.07.06 Win32.Virut.27
eSafe 7.0.17.0 2010.07.05 -
eTrust-Vet 36.1.7687 2010.07.05 Win32/Virut.6640
F-Prot 4.6.1.107 2010.07.05 W32/Virut.AG
F-Secure 9.0.15370.0 2010.07.06 Win32.Virtob.7.Gen
Fortinet 4.1.133.0 2010.07.04 W32/Virut.J
GData 21 2010.07.06 Win32.Virtob.7.Gen
Ikarus T3.1.1.84.0 2010.07.06 Trojan.Agent2
Jiangmin 13.0.900 2010.07.03 Win32/Virut.ae
Kaspersky 7.0.0.125 2010.07.06 Virus.Win32.Virut.at
McAfee 5.400.0.1158 2010.07.06 W32/Virut.gen.a
McAfee-GW-Edition 2010.1 2010.07.05 Heuristic.LooksLike.Win32.SuspiciousPE.J
Microsoft 1.5902 2010.07.03 Virus:Win32/Virut.AA
NOD32 5253 2010.07.05 Win32/Virut.AT
Norman 6.05.10 2010.07.05 W32/Virut.AH
nProtect 2010-07-05.01 2010.07.05 Virus/W32.Virut.K
Panda 10.0.2.7 2010.07.06 W32/Virutas.AH
PCTools 7.0.3.5 2010.07.06 Malware.Virut
Prevx 3.0 2010.07.06 -
Rising 22.55.01.01 2010.07.06 Win32.Virut.al
Sophos 4.54.0 2010.07.06 W32/Virut-Gen
Sunbelt 6548 2010.07.06 Virus.Win32.Virut.a (v)
Symantec 20101.1.0.89 2010.07.06 W32.Virut.W
TheHacker 6.5.2.1.308 2010.07.05 W32/Virut.genS
TrendMicro 9.120.0.1004 2010.07.06 PE_VIRUT.AT
TrendMicro-HouseCall 9.120.0.1004 2010.07.06 PE_VIRUT.AT
VBA32 3.12.12.5 2010.07.05 Virus.Win32.Virut.2
ViRobot 2010.6.29.3912 2010.07.06 Win32.Virut.U
VirusBuster 5.0.27.0 2010.07.05 Win32.Virut.Gen.4
Additional information
File size: 31744 bytes
MD5...: 710a9045fa363c59f85cb35f9fff9de9
SHA1..: f0d574472a2957a41389035ca0ca3816371d8800
SHA256: 7367d8aa2cfc86c7bd5394239a7af9ffc6d947d67270e17b3f82c0e92058c426
ssdeep: 768:5JDUaxgu5YEVBxkjuv7wbaLa4PU4b7rw1a0GF+:5JHxIEVBvT2aLa4PUO7J
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7c00
timedatestamp.....: 0x41107b78 (Wed Aug 04 06:00:24 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4db8 0x4e00 6.01 16aee663ed180007a0bf5bf24b845096
.data 0x6000 0x14c 0x200 1.86 cbb599f9267bf53209039d14a3574eb1
.rsrc 0x7000 0x6c00 0x2800 6.80 731c280eab5875531bb55c7ab3fea2f6
( 7 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, NtQueryInformationToken, RtlConvertSidToUnicodeString
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, __setusermatherr, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _initterm, _adjust_fdiv
> KERNEL32.dll: GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, SetEnvironmentVariableW, lstrlenW, lstrcpyW, FreeLibrary, GetProcAddress, LoadLibraryW, CompareFileTime, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, ExpandEnvironmentStringsW, SetEvent, OpenEventW, Sleep, GetLastError, SearchPathW, CreateProcessW
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
- Status
Similar threads
Latest posts
-
Nintendo DMCA lawyers shut down everything Mario on Garry's Mod- VariableSpike replied
