Pests of all kinds and how to fight them: Trojan Startpage |
25.01.2005, 18:56 | #1 |
| Trojan Startpage Hello, I have a Trojan (Trojan Startpage) on my computer. I have already run eScan in safe mode. 13 viruses were found; now the problem: how do I get the viruses deleted? I read here on the board that the virus reports should be posted, but in safe mode I can't get online, or can I? If you help me, then please in a way that a 44-year-old geezer can understand it too. At the moment I am online via my daughter's computer. Fredi |
25.01.2005, 18:57 | #2 |
Trojan Startpage Please post the eScan log like this: open the file mwav.log, click Edit, then Find, enter infected, click Find Next, mark the hits and copy them into the forum. You can also post the log in normal mode. Post a new HijackThis log: create a HijackThis log as described at http://www.trojaner-board.de/51130-a...ijackthis.html and post it. |
25.01.2005, 18:58 | #3 |
| Trojan Startpage @Fredi First check your computer with eScan: download eScan, create a folder (= directory) c:\bases for it, update eScan online and run it offline in safe mode. Note that from version 4.5.1 onward eScan does not delete the malware it finds. That is done by hand, on our instructions. Then tell us the result of the eScan, i.e. which viruses were found on your computer: "open mwav.log -> Edit -> Find -> enter infected -> Find Next -> mark/copy the hits and paste them into the forum." (quote from Cidre) chaosman |
25.01.2005, 19:06 | #4 |
| Trojan Startpage To post I have to leave safe mode; can't more happen then? fredi |
25.01.2005, 19:11 | #5 | |
/// Mr. Schatten | Trojan Startpage Quote:
You could get run over in the street; do you never leave your house again because of that?
__________________ all tips + help from all helpers come without warranty + liability; no help via PM; this is a forum, everyone can benefit/check; nobody is infallible; a tendency to observe the spelling rules increases the likelihood of an answer - |
25.01.2005, 19:25 | #6 |
| Trojan Startpage well, before I let myself get run over by a car
File C:\WINDOWS\System32\lilgpd.dll infected by "Trojan.Win32.StartPage.ix" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\gwd-10005.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\170D21AE.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\45924C35.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_1-tat-0-0-.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_2-tto-1-0-.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken.
=> File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\gwd-10005.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken. |
25.01.2005, 20:24 | #7 |
| Trojan Startpage so here is the log file as well, I hope you can do something with it. regards fredi
Logfile of HijackThis v1.99.0
Scan saved at 20:23:30, on 25.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Browser mouse\1.3\mouse32a.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\logon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\GINA~1.ORT\LOKALE~1\Temp\Rar$EX01.328\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\GINA~1.ORT\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\GINA~1.ORT\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: _URLHandler - {7FF23285-DBBC-49B6-818C-34AC459D5BB3} - C:\WINDOWS\system32\pidd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {656CFB6F-59C0-4B1E-8F1E-D37C8A9D37B1} - C:\WINDOWS\System32\lilgpd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Programme\Browser mouse\1.3\mouse32a.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Broken Internet access because of LSP provider 'rpc32vm.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://irc2.bluewin.ch/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int4.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/download/ExentCtl.ocx
O16 - DPF: {8E65B894-C2E9-11D5-BCD3-00E018987501} - http://01.sharedsource.org/cabs/@jovencitassses.cab
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsi...eUploader3.cab
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EroWebInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D7BA3C-7455-4E08-9538-A2ED5D5B3793}: NameServer = 192.168.2.1
O18 - Filter: text/html - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
O18 - Filter: text/plain - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe |
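Editorial example (added here, not part of any post in the thread): one way to cross-reference the eScan hits from post #6 with the HijackThis entries from post #7, so it is visible which flagged files are also loaded through a browser or autostart hook. The function names are hypothetical; the sample lines are excerpts of the two logs above.

```python
import re

# Lines excerpted from the eScan hits (post #6) and the HijackThis log (post #7).
ESCAN_SAMPLE = r'''
File C:\WINDOWS\System32\lilgpd.dll infected by "Trojan.Win32.StartPage.ix" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\170D21AE.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
'''

HJT_SAMPLE = r'''
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {656CFB6F-59C0-4B1E-8F1E-D37C8A9D37B1} - C:\WINDOWS\System32\lilgpd.dll
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O18 - Filter: text/html - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
O18 - Filter: text/plain - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
'''

# One mwav.log hit: File <path> infected by "<name>" Virus. Action Taken: <action>.
ESCAN_RE = re.compile(
    r'File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r'Action Taken: (?P<action>.+?)\.'
)
# One HijackThis entry: section code (R1, O2, O18, ...) followed by " - ".
HJT_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<rest>.+)$')
# Drive-letter path ending in a loadable file type; may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)


def parse_escan(text):
    """Return {lower-cased path: {"detections": set, "count": int}}.

    finditer() is used instead of line splitting so the parser also works on
    a log that was pasted as one flattened line, as forum software often does.
    """
    hits = {}
    for m in ESCAN_RE.finditer(text):
        entry = hits.setdefault(m["path"].lower(), {"detections": set(), "count": 0})
        entry["detections"].add(m["name"])
        entry["count"] += 1
    return hits


def parse_hijackthis(text):
    """Return a list of (code, [lower-cased paths], original line)."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            paths = [p.lower() for p in PATH_RE.findall(m["rest"])]
            entries.append((m["code"], paths, line.strip()))
    return entries


def correlate(hits, entries):
    """For every flagged file, list the HijackThis sections that load it.

    Matching is on the literal path only; an 8.3 short name such as
    C:\\PROGRA~1\\... is not resolved to its long form.
    """
    report = {}
    for path, info in hits.items():
        report[path] = {
            "detections": sorted(info["detections"]),
            "load_points": [code for code, paths, _ in entries if path in paths],
        }
    return report


if __name__ == "__main__":
    result = correlate(parse_escan(ESCAN_SAMPLE), parse_hijackthis(HJT_SAMPLE))
    for path, info in result.items():
        where = ", ".join(info["load_points"]) or "no load point in this log"
        print(f"{path}: {'; '.join(info['detections'])} -> {where}")
```

A flagged file with a load point (here lilgpd.dll under O2 and O18) is still being loaded by the browser, while one without may be a leftover or a quarantined copy.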
25.01.2005, 20:31 | #8 |
Administrator (retired) | Trojan Startpage Hello, end this file in Task Manager -> C:\WINDOWS\logon.exe. Check it at http://virusscan.jotti.org/de and post the result. |
25.01.2005, 20:52 | #9 |
| Trojan Startpage hello, I hope this is what you meant. Fredi Jotti's malware scan 2.42 File to upload & scan: Powered by: By uploading files to this online service you agree that your files will be stored locally for personal virus collection interests. Furthermore: this service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, I cannot and will not be held responsible for any damage caused by results presented by this non-profit online service. Also, I am aware of the implications of a setup like this. I am sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). I am aware, in spite of efforts to proactively counter these, false positives might occur, for example. I do not consider this a very big issue, so please do not e-mail me about it. This is a simple online scan service, not the university of Wichita (however, manual correction is performed on a regular basis). Although I try to keep these results as accurate as humanly possible, the only viable conclusion to be drawn here: "100% protection" is a myth. Scanning can take quite a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware. This service costs me money. Server hardware, undonated scanner licenses, (backup) power etc... If you feel this service is useful, please consider a (small) donation so I can keep the service level up! 
Server hardware sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., and some people who prefer to remain anonymous... many thanks to all! Service load: 0% 100% Status: Ready for upload Statistics Last piece of malware found was not-a-virus:RiskWare.Monitor.Perflogger.al in SwearHack.exe, detected by: Scanner Malware name Time taken AntiVir X 0.16 seconds Avast X 1.51 seconds BitDefender Trojan.Spy.Agent.Y 0.41 seconds ClamAV X 0.44 seconds Dr.Web X 0.55 seconds F-Prot Antivirus X 0.24 seconds Kaspersky Anti-Virus not-a-virus:RiskWare.Monitor.Perflogger.al 0.80 seconds mks_vir X 0.25 seconds NOD32 X 0.43 seconds Norman Virus Control X 2.11 seconds Service statistics: 8759 files (6145 of those unique) have been uploaded & scanned since 17/01/2005, the day of the last database purge. 1747 of those 6145 files contained a virus or any other form of malware. This page has been visited 15993 times in this time period. This service managed to spot 148 pieces of malware no vendor used knew about at the time of uploading. The service also warned against 1020 suspicious files without any help from scanner results. However, 21 files reported to be OK were found out to be malware later (this is checked daily). As far as can be told, all this together makes this service 99.66% accurate. However, since it is very well possible malware has been uploaded no scanner knows about at this time, this number is to be taken with a proper amount of skepticism. No I am not sitting still! A new, better version of this service is being developed. If you have suggestions and/or comments, please send me them! 
Most popular malware: Rank Malware name Uploaded Last known filename 1 trojan.spy.agent.y 86 times SwearHack.exe 2 worm/robobot 61 times install.exe 3 worm/wurmark.d.2.1 49 times logoner.zip 4 behaveslike:win32.explorerhijack 43 times aempswacu.exe 5 backdoor.win32.rbot.gen 39 times 2.exe 6 win32.hllw.mybot.based 37 times yeah.exe 7 trojan.downloader.istbar.er 30 times gripo32.zip 8 win32:trojan-gen. {other} 24 times imfreg.dll 9 behaveslike:trojan.downloader 23 times dawebSTUD.exe 10 win32.hllw.mybot 19 times Trgp_UPDATE.exe 11 trojan.downloader.stubby.c 19 times farmmext.exe 12 tr/small.cr 19 times fff-u72x_reg.exe 13 bds/optix.pro.13.28 18 times Kopie_von_Setup.exe 14 w32/parite 17 times KeKe.exe 15 trojan.unremote.a 15 times Hacking_Tutorial.zip Virus definitions are updated every hour. Please do not upload tons of megabytes to this online scanner and download a decent anti virus package yourself. There is a 10Mb limit per file. Use this if you need to be sure a file is uninfected and you don't trust your own environment. Really abusive people will get a nice iptables -j DROP rule on this machine, which is not available in your local store. ABUSE OF THIS SERVICE (INCLUDING UPLOADING DELIBERATELY MODIFIED -PACKED/ENCRYPTED/BYTESWAPPED- VERSIONS OF THE SAME SAMPLE) WILL RESULT IN AN IP BAN. Please do not ask for any of these viruses, unless you work for an anti-virus vendor. They are not for trade. Changelog - Frequently Asked Questions Feedback/comments/questions/false positive reports Copyright (C) Jordi Bosveld 2004-2005 |
25.01.2005, 21:45 | #10 |
| Trojan Startpage Can't anyone help me? It is pretty hard for me to follow your instructions. Fredi |
26.01.2005, 07:52 | #11 |
| Trojan Startpage Good morning, I must say I am astonished. You post a problem and are asked by the experienced users to do this and that. You try to do it to the best of your knowledge and belief. And then nothing, no answer. Why, because you are too stupid anyway??? Fredi |
26.01.2005, 09:00 | #12 |
| Trojan Startpage It is true that you evidently tried, but it did not work, because the information you copied from Jotti has nothing to do with the file to be examined. Did the upload there work in principle? You have to click Browse, then navigate to the file to be checked, double-click it and then click Submit. After that, an overview similar to this one must appear:
AntiVir X 0.16 seconds
Avast X 1.51 seconds
BitDefender Trojan.Spy.Agent.Y 0.41 seconds
ClamAV X 0.44 seconds
Dr.Web X 0.55 seconds
F-Prot Antivirus X 0.24 seconds
Kaspersky Anti-Virus not-a-virus:RiskWare.Monitor.Perflogger.al 0.80 seconds
mks_vir X 0.25 seconds
NOD32 X 0.43 seconds
Norman Virus Control X 2.11 seconds
but relating to the file you uploaded, i.e. logon.exe. It is probably this piece of malware: http://www.sophos.de/virusinfo/analyses/trojaboxa.html Do you go online via DSL or modem/ISDN? The best thing would be to make a clean cut right away and set up your system from scratch. But do test this file as well. |
26.01.2005, 09:09 | #13 |
| Trojan Startpage hello, I will try that again this evening. fredi |
26.01.2005, 10:00 | #14 | |
/// Mr. Schatten | Trojan Startpage Quote:
Slept badly? I must say, I am astonished! You get free help here from people who do this in their spare time. And you demand an answer and support by return? Do you know what you normally pay in the private sector for immediate support? With a night surcharge? What a friendly sense of entitlement you have! YOU messed up YOUR PC and complete strangers are now supposed to jump for YOU? Well, hopefully they at least get a thank-you for it. Please let that go through your head (until this evening). *grml* (slowly calming down again) |
27.01.2005, 20:40 | #15 |
| Trojan Startpage hello, I ran Jotti once more and hope it is right this time. It would be nice if you would take another look at it. thanks fredi
Jotti's malware scan 2.42
Service load: 0% 100%
File: logon.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: None
AntiVir TR/Dldr.VB.fi (0.15 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender Trojan.Downloader.VB.FI (0.37 seconds taken)
ClamAV Trojan.Downloader.VB-16 (0.42 seconds taken)
Dr.Web Trojan.DownLoader.1413 (0.56 seconds taken)
F-Prot Antivirus No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus Trojan-Downloader.Win32.VB.fi (0.67 seconds taken)
mks_vir Trojan.Downloader.Vb.Fi (0.21 seconds taken)
NOD32 Win32/TrojanDownloader.VB.NAH (0.39 seconds taken)
Norman Virus Control No viruses found (0.43 seconds taken)
Statistics Last piece of malware found was Boxed.gen in install.exe, detected by:
Scanner Malware name Time taken
AntiVir Worm/Robobot 0.16 seconds
Avast X 1.51 seconds
BitDefender X 2.12 seconds
ClamAV X 0.39 seconds
Dr.Web Trojan.Proxy.106 0.56 seconds
F-Prot Antivirus X 0.36 seconds
Kaspersky Anti-Virus Trojan-Proxy.Win32.Agent.cw 0.70 seconds
mks_vir Win32.4 0.23 seconds
NOD32 Win32/Webus.C 0.38 seconds
Norman Virus Control Boxed.gen 0.15 seconds
Service statistics: 10875 files (7518 of those unique) have been uploaded & scanned since 17/01/2005, the day of the last database purge. 2155 of those 7518 files contained a virus or any other form of malware. This page has been visited 19883 times in this time period. This service managed to spot 173 pieces of malware no vendor used knew about at the time of uploading. The service also warned against 1225 suspicious files without any help from scanner results. 
However, 21 files reported to be OK were found out to be malware later (this is checked daily). As far as can be told, all this together makes this service 99.72% accurate. However, since it is very well possible malware has been uploaded no scanner knows about at this time, this number is to be taken with a proper amount of skepticism. No I am not sitting still! A new, better version of this service is being developed. If you have suggestions and/or comments, please send me them! Most popular malware: Rank Malware name Uploaded Last known filename 1 trojan.spy.agent.y 101 times BadgerAB.zip 2 worm/robobot 87 times install.exe 3 worm/wurmark.d.2.1 50 times logoner.zip 4 behaveslike:win32.explorerhijack 49 times r00t--Undetected.exe 5 backdoor.win32.rbot.gen 43 times RBot--Undetected.exe 6 win32.hllw.mybot.based 41 times yeah.exe 7 trojan.downloader.istbar.er 41 times Uninstall.exe 8 win32:trojan-gen. {other} 30 times Backdoor.Haxdoor 9 tr/small.cr 28 times sdvdrip_Regpatch.exe 10 behaveslike:trojan.downloader 24 times project1.exe 11 win32.hllw.mybot 22 times navprotect.exe 12 trojan.downloader.stubby.c 21 times farmmext.exe 13 trojan.unremote.a 20 times aimbot.zip 14 tr/psw.ldpinch.jm1 20 times pornofoto.jpg___________________________________________________________________________________.exe 15 bds/optix.pro.13.28 18 times Kopie_von_Setup.exe Virus definitions are updated every hour. Please do not upload tons of megabytes to this online scanner and download a decent anti virus package yourself. There is a 10Mb limit per file. Use this if you need to be sure a file is uninfected and you don't trust your own environment. Really abusive people will get a nice iptables -j DROP rule on this machine, which is not available in your local store. ABUSE OF THIS SERVICE (INCLUDING UPLOADING DELIBERATELY MODIFIED -PACKED/ENCRYPTED/BYTESWAPPED- VERSIONS OF THE SAME SAMPLE) WILL RESULT IN AN IP BAN. 
Please do not ask for any of these viruses, unless you work for an anti-virus vendor. They are not for trade. Changelog - Frequently Asked Questions Feedback/comments/questions/false positive reports Copyright (C) Jordi Bosveld 2004-2005 |