Ответов

[NecromLord]

KIS 8 видит в ярлыках freya-start.exe и freya-start2.exe троян Trojan-PSW.Win32.LdPinch.agop. Естественно касперский их сразу удаляет(т.к. вылечить их не удается). Трояны лежат в rusro-freya-2009.exe (патч, настраивающий на сервер Фрея). Что делать? Поиграть хочу, но в игру зайти не могу т.к. ярлыков нету.

[oNLik]

Файл rerun.#XL
a-squared 4.5.0.24 2009.09.30 Trojan-Dropper.Win32.Delf!IK
AhnLab-V3 5.0.0.2 2009.09.30 -
AntiVir 7.9.1.27 2009.09.30 -
Antiy-AVL 2.0.3.7 2009.09.30 -
Authentium 5.1.2.4 2009.09.30 W32/Dropper.IKR
Avast 4.8.1351.0 2009.09.30 -
AVG 8.5.0.412 2009.09.30 -
BitDefender 7.2 2009.09.30 -
CAT-QuickHeal 10.00 2009.09.30 Trojan.Agent.IRC
ClamAV 0.94.1 2009.09.30 -
Comodo 2475 2009.09.30 TrojWare.Win32.Trojan.Delf.~AXA
DrWeb 5.0.0.12182 2009.09.30 Trojan.MulDrop.32453
eSafe 7.0.17.0 2009.09.30 -
eTrust-Vet 31.6.6770 2009.09.30 Win32/SillyAutorun.BER
F-Prot 4.5.1.85 2009.09.30 W32/Dropper.IKR
F-Secure 8.0.14470.0 2009.09.30 -
Fortinet 3.120.0.0 2009.09.30 -
GData 19 2009.09.30 -
Ikarus T3.1.1.72.0 2009.09.30 Trojan-Dropper.Win32.Delf
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.857 2009.09.30 Trojan.BAT.KillFiles.hr
Kaspersky 7.0.0.125 2009.09.30 -
McAfee 5757 2009.09.30 -
McAfee+Artemis 5757 2009.09.30 Artemis!E236B6287A53
McAfee-GW-Edition 6.8.5 2009.09.30 Heuristic.LooksLike.Win32.Suspicious.H
Microsoft 1.5005 2009.09.30 -
NOD32 4471 2009.09.30 -
Norman 6.01.09 2009.09.30 -
nProtect 2009.1.8.0 2009.09.30 Trojan/W32.Agent.71168.I
Panda 10.0.2.2 2009.09.30 -
PCTools 4.4.2.0 2009.09.30 -
Prevx 3.0 2009.09.30 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.09.30 -
Sunbelt 3.2.1858.2 2009.09.30 -
Symantec 1.4.4.12 2009.09.30 -
TheHacker 6.5.0.2.023 2009.09.30 -
TrendMicro 8.950.0.1094 2009.09.30 WORM_AGENT.BA
VBA32 3.12.10.11 2009.09.30 -
ViRobot 2009.9.30.1965 2009.09.30 Dropper.Delf.71168
VirusBuster 4.6.5.0 2009.09.30 -
Дополнительная информация
File size: 71168 bytes
MD5 : e236b6287a53c779dc38aff4ed08d0ca
SHA1 : e87e15667dbeb8a385b36614f31aa2388e8496d5
SHA256: 5ca369fbd7c28bed835b2075608c527b6ecd470bbfbfec9b6d9991305f5823c3
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xCEBC
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xC690 0xC800 6.45 11ba0569dc89bfd4ef771b79c1b1016c
DATA 0xE000 0x1504 0x1600 7.35 64a1ebd87f9c1734fcdd6b3ababe5ddf
BSS 0x10000 0x2891 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x13000 0x964 0xA00 4.62 aada85118b867ec0dfa08c82796a2238
.tls 0x14000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x15000 0x18 0x200 0.21 daf26b4a75d2f94396fc4f1329739b80
.reloc 0x16000 0x12C4 0x1400 6.43 fd70868776eedef2fd4b2aacb162edd4
.rsrc 0x18000 0x136C 0x1400 3.87 668ae267e57b36c70750dac9f2ba6ca2

( 5 imports )

> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, WideCharToMultiByte, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, WriteFile, WaitForSingleObject, VirtualQuery, SizeofResource, SetFilePointer, SetFileAttributesA, SetEnvironmentVariableA, SetEndOfFile, ReadFile, LockResource, LoadResource, IsDBCSLeadByte, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalAlloc, GetWindowsDirectoryA, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetShortPathNameA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDiskFreeSpaceA, GetCommandLineA, GetCPInfo, GetACP, FreeResource, FormatMessageA, FindResourceA, EnumCalendarInfoA, DeleteFileA, CreateProcessA, CreateFileA, CompareStringA, CloseHandle
> oleaut32.dll: SysFreeString
> shfolder.dll: SHGetFolderPathA
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA, MessageBoxA, LoadStringA, GetSystemMetrics, CharPrevA, CharNextA, CharUpperBuffA, CharToOemA

( 0 exports )
TrID : File type identification
Win32 Executable Borland Delphi 7 (96.7%)
Win32 Executable Generic (1.2%)
Win32 Dynamic Link Library (generic) (1.0%)
Win16/32 Executable Delphi generic (0.2%)
Generic Win/DOS Executable (0.2%)
ssdeep: 1536:PBYTiUI32apSTczVK5+i0bMLa+5vBGwFZBT:mmR2adBK5ybvEJGwnBT
PEiD : -
RDS : NSRL Reference Data Set
-