Google redirect -> rootkit?

Dosenfisch · 08.12.2009, 17:46

hi,
also virustotal ergab einen treffer von mc afee:

McAfee-GW-Edition 6.8.5 2009.12.06 Heuristic.LooksLike.Win32.NewMalware.H

sonst nichts, dennoch hier das komplette logfile:

Code:

ATTFilter

Antivirus 	Version 	letzte aktualisierung 	Ergebnis
a-squared 	4.5.0.43 	2009.12.06 	-
AhnLab-V3 	5.0.0.2 	2009.12.06 	-
AntiVir 	7.9.1.92 	2009.12.06 	-
Antiy-AVL 	2.0.3.7 	2009.12.04 	-
Authentium 	5.2.0.5 	2009.12.02 	-
Avast 	4.8.1351.0 	2009.12.06 	-
AVG 	8.5.0.426 	2009.12.06 	-
BitDefender 	7.2 	2009.12.06 	-
CAT-QuickHeal 	10.00 	2009.12.05 	-
ClamAV 	0.94.1 	2009.12.06 	-
Comodo 	3103 	2009.12.01 	-
DrWeb 	5.0.0.12182 	2009.12.06 	-
eSafe 	7.0.17.0 	2009.12.06 	-
eTrust-Vet 	35.1.7159 	2009.12.04 	-
F-Prot 	4.5.1.85 	2009.12.06 	-
F-Secure 	9.0.15370.0 	2009.12.03 	-
Fortinet 	4.0.14.0 	2009.12.06 	-
GData 	19 	2009.12.06 	-
Ikarus 	T3.1.1.74.0 	2009.12.06 	-
Jiangmin 	13.0.900 	2009.12.02 	-
K7AntiVirus 	7.10.912 	2009.12.05 	-
Kaspersky 	7.0.0.125 	2009.12.06 	-
McAfee 	5824 	2009.12.06 	-
McAfee+Artemis 	5824 	2009.12.06 	-
McAfee-GW-Edition 	6.8.5 	2009.12.06 	Heuristic.LooksLike.Win32.NewMalware.H
Microsoft 	1.5302 	2009.12.06 	-
NOD32 	4665 	2009.12.06 	-
Norman 	6.03.02 	2009.12.05 	-
nProtect 	2009.1.8.0 	2009.12.06 	-
Panda 	10.0.2.2 	2009.12.06 	-
PCTools 	7.0.3.5 	2009.12.06 	-
Prevx 	3.0 	2009.12.06 	-
Rising 	22.24.06.04 	2009.12.06 	-
Sophos 	4.48.0 	2009.12.06 	-
Sunbelt 	3.2.1858.2 	2009.12.06 	-
Symantec 	1.4.4.12 	2009.12.06 	-
TheHacker 	6.5.0.2.086 	2009.12.05 	-
TrendMicro 	9.100.0.1001 	2009.12.06 	-
VBA32 	3.12.12.0 	2009.12.03 	-
ViRobot 	2009.12.4.2072 	2009.12.04 	-
VirusBuster 	5.0.21.0 	2009.12.06 	-
weitere Informationen
File size: 21584 bytes
MD5   : 338c86357871c167a96ab976519bf59e
SHA1  : e99e20970139fb1e67bbc54fa8a61c18a4fce36e
SHA256: f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x603E
timedatestamp.....: 0x4A5BBF13 (Tue Jul 14 01:11:15 2009)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2472 0x2600 6.22 9b9f242740c0a1c2494b23ae50935e6d
.rdata 0x4000 0xAE 0x200 1.54 1833a5650ae0f8256ba78bf8ed79d6e1
.data 0x5000 0xC 0x200 0.18 7c80b151582aa6280e754b477343e54e
INIT 0x6000 0x38C 0x400 4.66 392ce67c807da67e018ad9cf892fde4c
.rsrc 0x7000 0x3F0 0x400 3.41 ecb60c1c006d2813169c8bcfe271a200
.reloc 0x8000 0xD2 0x200 2.47 035f51da8bf9893e51952ac185994f14

( 2 imports )

> ataport.sys: AtaPortNotification, AtaPortQuerySystemTime, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortCopyMemory, AtaPortEtwTraceLog, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
> ntoskrnl.exe: KeTickCount

( 0 exports )
TrID  : File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:SN+KUt2BtUXbyTHoCtGRZjNVAsRMNSChq3BLWErUwW9Qu5VpBjbOjBMmhyMD:adUtytUXbyTICtGjNMNbcxHJudkMmwMD
PEiD  : -
RDS   : NSRL Reference Data Set
-

dr.web lass ich morgen früh drüber laufen, dann werd ich mich wieder melden.
danke!

Google redirect -> rootkit?

Log-Analyse und Auswertung: Google redirect -> rootkit?

Google redirect -> rootkit?

Ähnliche Themen: Google redirect -> rootkit?