Trojaner-Board


Fredi 25.01.2005 18:56

Trojan Startpage
 
Hello,
I have a Trojan/Trojan Startpage on my computer. I have already run eScan in safe mode. 13 viruses were found :headbang: , now the problem: how do I get the viruses deleted? I read here on the board that the virus reports should be posted; in safe mode I can't get online, or can I? If you help me, then please in a way that an old man of 44 can understand it too :crazy:
At the moment I am online via my daughter's computer.

Fredi

Chris14 25.01.2005 18:57

Please post the eScan log like this:
open the file mwav.log, click Edit, then Find
enter infected
keep searching, mark the hits and copy them into the forum
You can also post the log in normal mode.
Post a new HijackThis log.

Create a HijackThis log as described at http://www.trojaner-board.de/51130-a...ijackthis.html and post it.

chaosman 25.01.2005 18:58

@Fredi

First check your computer with eScan: download eScan, create a folder (= directory) c:\bases for it, update eScan online and run it offline in safe mode. Note that from version 4.5.1 onward, eScan does not delete the malware it finds. That is done by hand, following our instructions.

Then tell us the result of the eScan run, i.e. which viruses were found on your computer: "open mwav.log -> Edit -> Find -> enter infected -> Find Next -> mark/copy the hits and transfer them to the forum." (quoting Cidre)

chaosman

Fredi 25.01.2005 19:06

To post I have to leave safe mode; can't more happen then?
fredi

Shadow 25.01.2005 19:11

Quote:

Quote from Fredi
To post I have to leave safe mode; can't more happen then?
fredi

Yes, it can :(

You could get run over on the street; do you never leave your house again because of that? ;)

Fredi 25.01.2005 19:25

well, before I let myself get run over by a car ;)

File C:\WINDOWS\System32\lilgpd.dll infected by "Trojan.Win32.StartPage.ix" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\gwd-10005.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\170D21AE.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\45924C35.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_1-tat-0-0-.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Coder\_2-tto-1-0-.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken.
=> File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\gwd-10005.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\teensex.exe infected by "Trojan.Win32.Dialer.e" Virus. Action Taken: No Action Taken.

Fredi 25.01.2005 20:24

so, here is the log file as well; I hope you can do something with it
regards
fredi

Logfile of HijackThis v1.99.0
Scan saved at 20:23:30, on 25.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Browser mouse\1.3\mouse32a.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\logon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\GINA~1.ORT\LOKALE~1\Temp\Rar$EX01.328\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\GINA~1.ORT\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOKUME~1\GINA~1.ORT\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: _URLHandler - {7FF23285-DBBC-49B6-818C-34AC459D5BB3} - C:\WINDOWS\system32\pidd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {656CFB6F-59C0-4B1E-8F1E-D37C8A9D37B1} - C:\WINDOWS\System32\lilgpd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Programme\Browser mouse\1.3\mouse32a.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pidlsp.dll
O10 - Broken Internet access because of LSP provider 'rpc32vm.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://irc2.bluewin.ch/java/cr.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int4.exe
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/download/ExentCtl.ocx
O16 - DPF: {8E65B894-C2E9-11D5-BCD3-00E018987501} - http://01.sharedsource.org/cabs/@jovencitassses.cab
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} - http://econnect.libereco.net/econnect.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsi...eUploader3.cab
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EroWebInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D7BA3C-7455-4E08-9538-A2ED5D5B3793}: NameServer = 192.168.2.1
O18 - Filter: text/html - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
O18 - Filter: text/plain - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
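
Added example, not part of the original thread: a Python script that performs the "search mwav.log for infected" step and then checks which flagged files are referenced by entries in the HijackThis log, which separates files that are actually loaded from dormant files and quarantine copies. The function names are illustrative, and the two inputs are short excerpts of the logs posted above.

```python
import re

# Excerpts copied from the eScan and HijackThis logs posted in this thread.
ESCAN_EXCERPT = r'''
File C:\WINDOWS\System32\lilgpd.dll infected by "Trojan.Win32.StartPage.ix" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\gwd-10005.exe infected by "not-a-virus:Porn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.
File C:\Programme\Norton AntiVirus\Quarantine\170D21AE.dll infected by "not-a-virus:AdWare.SearchPage" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ABox.exe infected by "not-a-virus:AdWare.AdBox.a" Virus. Action Taken: No Action Taken.
'''
HJT_EXCERPT = r'''
O2 - BHO: (no name) - {656CFB6F-59C0-4B1E-8F1E-D37C8A9D37B1} - C:\WINDOWS\System32\lilgpd.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O18 - Filter: text/html - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
O18 - Filter: text/plain - {3201AE8E-B55E-493C-A73D-0E4661807D3A} - C:\WINDOWS\System32\lilgpd.dll
'''

# One line of the posted eScan log starts with "=> "; accept both forms.
ESCAN_RE = re.compile(
    r'^(?:=>\s*)?File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.'
    r' Action Taken: (?P<action>.+?)\.$')
# HijackThis entries start with a section code such as R1, O2, O4, O18.
HJT_RE = re.compile(r'^(?P<code>[ROF]\d+) - (?P<rest>.+)$')


def parse_escan(text):
    """Return unique (path, detection) pairs in first-seen order."""
    seen, findings = set(), []
    for line in text.splitlines():
        m = ESCAN_RE.match(line.strip())
        if not m:
            continue
        key = (m['path'].lower(), m['name'])
        if key not in seen:          # the log repeats files scanned twice
            seen.add(key)
            findings.append((m['path'], m['name']))
    return findings


def parse_hijackthis(text):
    """Return (section code, remainder of line) for every HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append((m['code'], m['rest']))
    return entries


def correlate(findings, entries):
    """Label each flagged file: 'loaded', 'quarantine' or 'on disk only'.

    Matching is a case-insensitive comparison of the full path, so a file
    registered under an 8.3 short name (C:\\PROGRA~1\\...) is not matched
    against its long path.
    """
    report = []
    for path, name in findings:
        low = path.lower()
        codes = sorted({c for c, rest in entries if low in rest.lower()},
                       key=lambda c: (c[0], int(c[1:])))
        if '\\quarantine\\' in low:
            status = 'quarantine'    # copy held by the resident scanner
        elif codes:
            status = 'loaded'        # referenced by BHO/filter/Run entries
        else:
            status = 'on disk only'
        report.append((path, name, status, codes))
    return report


if __name__ == '__main__':
    rows = correlate(parse_escan(ESCAN_EXCERPT), parse_hijackthis(HJT_EXCERPT))
    for path, name, status, codes in rows:
        print(f"{status:<13}{','.join(codes) or '-':<8}{name}  {path}")
```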

Cidre 25.01.2005 20:31

Hello,

end this file in Task Manager -> C:\WINDOWS\logon.exe
Check it at http://virusscan.jotti.org/de and post the result.

Fredi 25.01.2005 20:52

hello,
I hope you meant this here
Fredi

Jotti's malware scan 2.42





By uploading files to this online service you agree that your files will be stored locally for personal virus collection interests.

Furthermore: this service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, I cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, I am aware of the implications of a setup like this. I am sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). I am aware, in spite of efforts to proactively counter these, false positives might occur, for example. I do not consider this a very big issue, so please do not e-mail me about it. This is a simple online scan service, not the university of Wichita (however, manual correction is performed on a regular basis). Although I try to keep these results as accurate as humanly possible, the only viable conclusion to be drawn here: "100% protection" is a myth.

Scanning can take quite a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

This service costs me money. Server hardware, undonated scanner licenses, (backup) power etc... If you feel this service is useful, please consider a (small) donation so I can keep the service level up!

Server hardware sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., and some people who prefer to remain anonymous... many thanks to all!


Status: Ready for upload
Statistics
Last piece of malware found was not-a-virus:RiskWare.Monitor.Perflogger.al in SwearHack.exe, detected by:

Scanner Malware name Time taken
AntiVir X 0.16 seconds
Avast X 1.51 seconds
BitDefender Trojan.Spy.Agent.Y 0.41 seconds
ClamAV X 0.44 seconds
Dr.Web X 0.55 seconds
F-Prot Antivirus X 0.24 seconds
Kaspersky Anti-Virus not-a-virus:RiskWare.Monitor.Perflogger.al 0.80 seconds
mks_vir X 0.25 seconds
NOD32 X 0.43 seconds
Norman Virus Control X 2.11 seconds



Service statistics:

8759 files (6145 of those unique) have been uploaded & scanned since 17/01/2005, the day of the last database purge.
1747 of those 6145 files contained a virus or any other form of malware.
This page has been visited 15993 times in this time period.
This service managed to spot 148 pieces of malware no vendor used knew about at the time of uploading.
The service also warned against 1020 suspicious files without any help from scanner results.
However, 21 files reported to be OK were found out to be malware later (this is checked daily).
As far as can be told, all this together makes this service 99.66% accurate. However, since it is very well possible malware has been uploaded no scanner knows about at this time, this number is to be taken with a proper amount of skepticism.

No I am not sitting still! A new, better version of this service is being developed.
If you have suggestions and/or comments, please send me them!
Most popular malware:

Rank Malware name Uploaded Last known filename
1 trojan.spy.agent.y 86 times SwearHack.exe
2 worm/robobot 61 times install.exe
3 worm/wurmark.d.2.1 49 times logoner.zip
4 behaveslike:win32.explorerhijack 43 times aempswacu.exe
5 backdoor.win32.rbot.gen 39 times 2.exe
6 win32.hllw.mybot.based 37 times yeah.exe
7 trojan.downloader.istbar.er 30 times gripo32.zip
8 win32:trojan-gen. {other} 24 times imfreg.dll
9 behaveslike:trojan.downloader 23 times dawebSTUD.exe
10 win32.hllw.mybot 19 times Trgp_UPDATE.exe
11 trojan.downloader.stubby.c 19 times farmmext.exe
12 tr/small.cr 19 times fff-u72x_reg.exe
13 bds/optix.pro.13.28 18 times Kopie_von_Setup.exe
14 w32/parite 17 times KeKe.exe
15 trojan.unremote.a 15 times Hacking_Tutorial.zip





Virus definitions are updated every hour. Please do not upload tons of megabytes to this online scanner and download a decent anti virus package yourself. There is a 10Mb limit per file. Use this if you need to be sure a file is uninfected and you don't trust your own environment. Really abusive people will get a nice iptables -j DROP rule on this machine, which is not available in your local store.

ABUSE OF THIS SERVICE (INCLUDING UPLOADING DELIBERATELY MODIFIED -PACKED/ENCRYPTED/BYTESWAPPED- VERSIONS OF THE SAME SAMPLE) WILL RESULT IN AN IP BAN.

Please do not ask for any of these viruses, unless you work for an anti-virus vendor. They are not for trade.

Changelog - Frequently Asked Questions

Feedback/comments/questions/false positive reports

Copyright (C) Jordi Bosveld 2004-2005

Fredi 25.01.2005 21:45

Can't anyone help me then? It is pretty difficult for me to follow your instructions.
Fredi

Fredi 26.01.2005 07:52

Good morning,
I must say I am astonished: you post a problem, are asked by the experienced users to do this and that, try to do it to the best of your knowledge and belief, and then nothing, no reply. Why, because one is too stupid anyway???
Fredi

MountainKing 26.01.2005 09:00

It is true that you evidently tried, but it did not work, because the information you copied from Jotti has nothing to do with the file to be examined. Did the upload there work in principle? You have to click Browse, navigate to the file to be checked, double-click it and then click Submit. After that, an overview analogous to this one must appear:

AntiVir X 0.16 seconds
Avast X 1.51 seconds
BitDefender Trojan.Spy.Agent.Y 0.41 seconds
ClamAV X 0.44 seconds
Dr.Web X 0.55 seconds
F-Prot Antivirus X 0.24 seconds
Kaspersky Anti-Virus not-a-virus:RiskWare.Monitor.Perflogger.al 0.80 seconds
mks_vir X 0.25 seconds
NOD32 X 0.43 seconds
Norman Virus Control X 2.11 seconds

but relating to the file you uploaded, i.e. logon.exe


It is probably this piece of malware:

http://www.sophos.de/virusinfo/analyses/trojaboxa.html


Do you go online via DSL or modem/ISDN? The best thing would be to make a clean break right away and reinstall your system. But do test this file as well.

Fredi 26.01.2005 09:09

hello,
I will try that again this evening.
fredi

Shadow 26.01.2005 10:00

Quote:

Quote from Fredi
Good morning,
I must say I am astonished: you post a problem, are asked by the experienced users to do this and that, try to do it to the best of your knowledge and belief, and then nothing, no reply. Why, because one is too stupid anyway???
Fredi

Good morning to you too,
slept badly?
I must say, I am astonished!
You are getting free help here from people who do this in their spare time.
And you demand an answer and support by return of post?
Do you know what you normally pay in the private sector for immediate support? With a night surcharge?
What a friendly sense of entitlement you have!
YOU messed up YOUR PC and complete strangers are now supposed to jump for YOU?
Well, hopefully they will at least get a thank-you for it.
Please think this over (until this evening).
*grml*
(slowly calming down again)

Fredi 27.01.2005 20:40

hello,
I ran Jotti once more and hope I got it right this time; it would be nice if you would look over it again.
thanks
fredi
Jotti's malware scan 2.42


File: logon.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: None

AntiVir TR/Dldr.VB.fi (0.15 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender Trojan.Downloader.VB.FI (0.37 seconds taken)
ClamAV Trojan.Downloader.VB-16 (0.42 seconds taken)
Dr.Web Trojan.DownLoader.1413 (0.56 seconds taken)
F-Prot Antivirus No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus Trojan-Downloader.Win32.VB.fi (0.67 seconds taken)
mks_vir Trojan.Downloader.Vb.Fi (0.21 seconds taken)
NOD32 Win32/TrojanDownloader.VB.NAH (0.39 seconds taken)
Norman Virus Control No viruses found (0.43 seconds taken)


HerrKautz 27.01.2005 20:57

Hello,

since some of these are backdoor Trojans, you have to reinstall your system; also read the following link from Cidre carefully: http://trojaner-board.de/showthread.php?t=12154


Regards

Fredi 27.01.2005 21:18

thanks,
I had already feared that :(
My wife scanned the computer with Norton AntiVirus today and Norton found nothing, even though we have not deleted the viruses found by eScan. Is Norton that unreliable? Or are the viruses that well disguised?
regards
fredi

HerrKautz 27.01.2005 21:24

Quote:

Quote from Fredi
My wife scanned the computer with Norton AntiVirus today and Norton found nothing, even though we have not deleted the viruses found by eScan. Is Norton that unreliable? Or are the viruses that well disguised?
regards
fredi

In my (personal) opinion, NAV is one of the worst scanners!

Even a free tool like AVG is "more reliable"!

Here too, the rule is that you should never rely on any security software!

Brain 2.0 or higher is usually better... ;)


All times are in WET +1. The time is now 21:51.

Copyright ©2000-2025, Trojaner-Board

