Page 3 of 3

Re: Very slow laptop

Posted: 29 Mar 2013 12:27
by zeleninka100
ssdeep
384:eswH94Z+gT87cSDxeHlxpCjkDADNZop8ZYNniy91AI1ZQSrS9E5l1wX:OHE5g7p8xQrN8niLI1ZQSeu5lG

TrID
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

PEiD packer identifier
Armadillo v1.71

ExifTool
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 2005:04:07 14:47:39+01:00
FileType.................: Win32 EXE
PEType...................: PE32
CodeSize.................: 20480
LinkerVersion............: 6.0
EntryPoint...............: 0x1613
InitializedDataSize......: 28672
SubsystemVersion.........: 4.0
ImageVersion.............: 0.0
OSVersion................: 4.0
UninitializedDataSize....: 0

Portable Executable structural information
Compilation timedatestamp.....: 2005-04-07 13:47:39
Target machine................: Intel 386 or later processors and compatible processors
Entry point address...........: 0x00001613

PE Sections...................:

Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             20198         20480     6.60     f7aa46b67e4004a80db01ad39b5c4bd7
.rdata  24576            2866          4096      4.20     f3ceef6b97b6aad02714644497ad4da9
.data   28672            16700         12288     0.56     af4abe2835a3f5bf87330b627a696dbf
.rsrc   49152            192           4096      0.14     c85d6206afcdfed0fe16bdc48441d945

PE Imports....................:

[[ADVAPI32.dll]]
RegSetValueExA, RegCloseKey, RegDeleteValueA, RegCreateKeyA

[[KERNEL32.dll]]
GetLastError, HeapFree, GetStdHandle, LCMapStringW, SetHandleCount, SetEvent, LCMapStringA, HeapDestroy, ExitProcess, GetVersionExA, GetEnvironmentStringsW, FlushFileBuffers, GetModuleFileNameA, RtlUnwind, LoadLibraryA, FreeEnvironmentStringsA, GetStartupInfoA, GetEnvironmentStrings, GetCPInfo, UnhandledExceptionFilter, MultiByteToWideChar, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, SetStdHandle, SetFilePointer, WideCharToMultiByte, GetStringTypeA, GetModuleHandleA, WriteFile, GetCurrentProcess, CloseHandle, GetACP, HeapReAlloc, GetStringTypeW, GetOEMCP, TerminateProcess, GetEnvironmentVariableA, HeapCreate, VirtualFree, CreateEventA, GetFileType, HeapAlloc, GetVersion, VirtualAlloc

[[ole32.dll]]
CoInitializeEx, CoUninitialize

[[USER32.dll]]
GetMessageA, CreateWindowExA, LoadCursorA, LoadIconA, LoadStringA, DispatchMessageA, TranslateAcceleratorA, PostQuitMessage, TranslateMessage, DefWindowProcA, RegisterClassExA

[[DDRAW.dll]]
DirectDrawCreateEx

PE Resources..................:

Resource type  Number of resources
RT_STRING      1

Resource language    Number of resources
CHINESE TRADITIONAL  1

Symantec Reputation
Suspicious.Insight

ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.

First seen by VirusTotal
2007-02-24 16:04:15 UTC ( 6 let, 1 měsíc ago )

Last seen by VirusTotal
2013-03-29 11:20:22 UTC ( 2 minuty ago )

File names (max. 25)
1. acovcnt.exe
2. acovcnt.exo
3. 1acovcnt.exe
4. acovcnt.exe.bla
5. acovcnt.vxe
6. 92B5341C00A6C273B02B008F34ABFF0022BA03A5.exe
7. acovcnt.texe
8. DPYGMWPDRM-603.pms.exe.SVD
9. smona_aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2.bin
10. acovcnt_fuckyou.exe
11. acovcnt.ex
12. 6BCAF46E2B7FA9ACE92B4D39F3037C5C
13. acovcnt.ex_
14. 6bcaf46e2b7fa9ace92b4d39f3037c5c6d5a81e3cf59832d73f28d6e87f51d073c3e409545056.exe
15. acovcnt.exe
16. acovcnt.exe
17. acovcnt.exe_txt
18. acovcnt.exe
19. acovcnt.ex0
20. s
21. acovcnt.exe
22. acovcnt.exe
23. acovcnt.exe_

Re: Very slow laptop

Posted: 29 Mar 2013 12:55
by zeleninka100
Hello, the laptop somehow sped up, I don't even know how. It just has to be left to boot for about 2 minutes and then it works without problems. Thank you for the help.

Re: Very slow laptop

Posted: 29 Mar 2013 17:49
by Márty84
I can't really tell from that what the result was. Did the antivirus scanners find anything? Or was the file clean?

Re: Very slow laptop

Posted: 30 Mar 2013 10:38
by zeleninka100
It was clean. The internet runs fine and is fast, except that it works for a while and then doesn't work at all. The problem is probably somewhere other than software, because we tried restarting the Wi-Fi and it worked without problems, and after a while the internet stopped working. So now we're going to try the router. Thank you for the help.

Re: Very slow laptop

Posted: 30 Mar 2013 12:53
by Márty84
zeleninka100 wrote: The problem is probably somewhere other than software
Looks like it, but with a PC you never know, it's a hellish machine :D

We'll clean up the ComboFix log.

:arrow: Move ComboFix directly to drive C (so its path will be c:\ComboFix.exe )
Open Notepad and copy this script into it

Code:

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Reboot::
In the top left, click on File
Click on Save as...
Type the red name CFScript exactly and save it directly to C as well (so its path will be c:\CFScript.txt ).
Turn off your antivirus and any other security software.
Drag this newly created text document with the mouse onto the ComboFix icon and release it.
ComboFix should start and execute the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not boot after the restart, restart again, press the F8 key and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine

28.4.2013 locked for inactivity :lock: http://forum.viry.cz/viewtopic.php?f=12&t=123975