

Pili, thanks, that will be interesting to read.

P.S. Maybe there is something else worth reading...


Now, about this:
Quote from Pili:
Of the decent free ones, Comodo Firewall: I recently tested it in the closed VI section on the Elementary PDM tests; 15 tests passed, 1 failed, but that was on a test where the action should not be controlled by a firewall in the first place (adding an ADS stream is a file operation).
While scanning the system, Comodo Firewall reported TrojWare.Win32.StartPage (StrongDC__v.2.21.exe) and Unclassified Malware (PCW_server_buttons.exe)... results of checking the files on virustotal.com:

StrongDC__v.2.21.exe
File StrongDC__v.2.21.exe received 2009.01.18 16:11:44 (CET)
Antivirus	Version	Update	Result
a-squared	4.0.0.73	2009.01.18	-
AhnLab-V3	2009.1.15.0	2009.01.17	-
AntiVir	7.9.0.57	2009.01.18	-
Authentium	5.1.0.4	2009.01.17	-
Avast	4.8.1281.0	2009.01.16	-
AVG	8.0.0.229	2009.01.18	-
BitDefender	7.2	2009.01.18	-
CAT-QuickHeal	10.00	2009.01.17	-
ClamAV	0.94.1	2009.01.18	-
Comodo	935	2009.01.18	TrojWare.Win32.PSW.OnlineGame.~FM
DrWeb	4.44.0.09170	2009.01.18	-
eSafe	7.0.17.0	2009.01.18	-
eTrust-Vet	31.6.6312	2009.01.17	-
F-Prot	4.4.4.56	2009.01.17	-
F-Secure	8.0.14470.0	2009.01.18	-
Fortinet	3.117.0.0	2009.01.15	-
GData	19	2009.01.18	-
Ikarus	T3.1.1.45.0	2009.01.18	-
K7AntiVirus	7.10.594	2009.01.17	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.01.18	-
McAfee	5498	2009.01.17	-
McAfee+Artemis	5498	2009.01.17	-
Microsoft	1.4205	2009.01.18	-
NOD32	3774	2009.01.17	-
Norman	5.93.01	2009.01.16	-
nProtect	2009.1.8.0	2009.01.16	Trojan/W32.Qhost.533041
Panda	9.5.1.2	2009.01.18	-
PCTools	4.4.2.0	2009.01.18	-
Prevx1	V2	2009.01.18	-
Rising	21.12.62.00	2009.01.18	-
SecureWeb-Gateway	6.7.6	2009.01.18	-
Sophos	4.37.0	2009.01.18	-
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.01.18	-
TheHacker	6.3.1.5.222	2009.01.17	-
TrendMicro	8.700.0.1004	2009.01.16	-
VBA32	3.12.8.10	2009.01.17	-
ViRobot	2009.1.17.1563	2009.01.17	-
VirusBuster	4.5.11.0	2009.01.18	-
Additional information
File size: 5613979 bytes
MD5...: 4abeecd6b0ac3a5ee4a02b6c3f25fa90
SHA1..: eb880f0c466a996d71716e8c410c6512ca2402f9
SHA256: 9f5ad9b1d965193c411026eb3f93f3adea776e88478ebbdcb68fa443626b7cd2
SHA512: 328a201c761dd63d33325ef130ae21d0e24551c9dc1dd335fdaa0a97a470752c4f2aac9e5a837443b79d7448381ecd56ece9b9fe90bbc4143796e5784fde7878
ssdeep: 98304:OdYQ3LfNhGxgtkYwf1BQKO6+Rgnzya3KbJfQjJPwFR9BQgwKdfDz:Ob3LTRwffPEOGa3KbxsIFRjQcfP
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
InstallShield setup (53.8%)
Win32 Executable Delphi generic (18.3%)
Win32 Executable Generic (10.6%)
Win32 Dynamic Link Library (generic) (9.4%)
Win16/32 Executable Delphi generic (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x417de0
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x16e44 0x17000 6.45 e27b030008304239b7164145b3f51744
DATA 0x18000 0x700 0x800 3.19 22c2125508951e55c9f7304c58804faf
BSS 0x19000 0x8ad 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1a000 0x14d0 0x1600 4.79 08b2ec6b7f09cb82de12e663d8041976
.tls 0x1c000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x1d000 0x18 0x200 0.20 17291f4d14f4488dcc09f44b431f3d22
.reloc 0x1e000 0x11c4 0x1200 6.70 c6aec7ca10da40ac288033bc4bdfc126
.rsrc 0x20000 0x1cfc 0x1e00 4.77 5d7654507e00844c49972d46d302c343

( 16 imports )
> kernel32.dll: GetCurrentThreadId, WideCharToMultiByte, ExitProcess, UnhandledExceptionFilter, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap
> oleaut32.dll: SysFreeString, SysReAllocStringLen
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumKeyExA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
> kernel32.dll: WritePrivateProfileStringA, WriteFile, WinExec, WaitForSingleObject, TerminateProcess, Sleep, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReadFile, OpenProcess, MultiByteToWideChar, LocalFileTimeToFileTime, LoadLibraryA, GlobalFree, GlobalAlloc, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTimeFormatA, GetTempPathA, GetSystemDirectoryA, GetShortPathNameA, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLastError, GetFullPathNameA, GetFileTime, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThread, GetCurrentProcess, GetComputerNameA, GetCommandLineA, FreeLibrary, FormatMessageA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, ExpandEnvironmentStringsA, DosDateTimeToFileTime, DeleteFileA, CreateFileA, CreateDirectoryA, CompareStringA, CloseHandle
> gdi32.dll: StretchDIBits, StretchBlt, SetWindowOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetDIBits, SetBrushOrgEx, SetBkMode, SetBkColor, SelectObject, SaveDC, RestoreDC, OffsetRgn, MoveToEx, IntersectClipRect, GetTextExtentPoint32A, GetStockObject, GetPixel, GetObjectA, GetDIBits, ExtSelectClipRgn, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreateFontIndirectA, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CombineRgn, BitBlt, AddFontResourceA
> user32.dll: wvsprintfA, WaitMessage, ValidateRect, TranslateMessage, ShowWindow, SetWindowPos, SetWindowLongA, SetTimer, SetPropA, SetParent, SetForegroundWindow, SetFocus, SetCursor, SendMessageA, ScreenToClient, RemovePropA, ReleaseDC, RegisterClassA, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, MessageBoxA, LoadIconA, LoadCursorA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsIconic, InvalidateRect, GetWindowTextLengthA, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowLongA, GetWindowDC, GetUpdateRgn, GetSystemMetrics, GetSystemMenu, GetSysColor, GetPropA, GetParent, GetWindow, GetKeyState, GetFocus, GetDCEx, GetDC, GetCursorPos, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, FindWindowA, FillRect, ExitWindowsEx, EnumWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawIcon, DispatchMessageA, DestroyWindow, DestroyIcon, DeleteMenu, DefWindowProcA, CopyImage, ClientToScreen, CheckRadioButton, CallWindowProcA, BeginPaint, CharLowerBuffA
> winmm.dll: timeKillEvent, timeSetEvent
> user32.dll: CreateWindowExA
> oleaut32.dll: SysAllocStringLen
> ole32.dll: OleInitialize
> comctl32.dll: ImageList_Draw, ImageList_SetBkColor, ImageList_Create, InitCommonControls
> shell32.dll: SHGetFileInfoA
> shell32.dll: ShellExecuteExA, ShellExecuteA
> cabinet.dll: FDIDestroy, FDICopy, FDICreate
> ole32.dll: OleInitialize, CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitialize
> shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHChangeNotify, SHBrowseForFolderA

( 0 exports )


PCW_server_buttons.exe:
File PCW_server_buttons.exe received 2009.01.18 16:28:00 (CET)
Antivirus	Version	Update	Result
a-squared	4.0.0.73	2009.01.18	-
AhnLab-V3	2009.1.15.0	2009.01.17	-
AntiVir	7.9.0.57	2009.01.18	-
Authentium	5.1.0.4	2009.01.17	-
Avast	4.8.1281.0	2009.01.16	-
AVG	8.0.0.229	2009.01.18	-
BitDefender	7.2	2009.01.18	-
CAT-QuickHeal	10.00	2009.01.17	-
ClamAV	0.94.1	2009.01.18	Trojan.Startpage-656
Comodo	935	2009.01.18	Unclassified Malware
DrWeb	4.44.0.09170	2009.01.18	-
eSafe	7.0.17.0	2009.01.18	-
eTrust-Vet	31.6.6312	2009.01.17	-
F-Prot	4.4.4.56	2009.01.17	-
F-Secure	8.0.14470.0	2009.01.18	-
Fortinet	3.117.0.0	2009.01.15	-
GData	19	2009.01.18	-
Ikarus	T3.1.1.45.0	2009.01.18	-
K7AntiVirus	7.10.594	2009.01.17	-
Kaspersky	7.0.0.125	2009.01.18	-
McAfee	5498	2009.01.17	-
McAfee+Artemis	5498	2009.01.17	-
Microsoft	1.4205	2009.01.18	-
NOD32	3774	2009.01.17	-
Norman	5.93.01	2009.01.16	-
nProtect	2009.1.8.0	2009.01.16	Trojan/W32.StartPage.139231
Panda	9.5.1.2	2009.01.18	-
PCTools	4.4.2.0	2009.01.18	-
Prevx1	V2	2009.01.18	Malicious Software
Rising	21.12.62.00	2009.01.18	-
SecureWeb-Gateway	6.7.6	2009.01.18	-
Sophos	4.37.0	2009.01.18	-
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.01.18	-
TheHacker	6.3.1.5.222	2009.01.17	-
TrendMicro	8.700.0.1004	2009.01.16	-
VBA32	3.12.8.10	2009.01.17	-
ViRobot	2009.1.17.1563	2009.01.17	-
VirusBuster	4.5.11.0	2009.01.18	-
Additional information
File size: 332091 bytes
MD5...: bffc127d19d0037d5927b914c32f90f9
SHA1..: a06dad82e1a3e3f4e34943d049468f3ba4020453
SHA256: ba2290700ac886c4a75ff8789c26a1243e7734f7a298b282172c0cc5fcf2e801
SHA512: a5c3c9dcab6cbce0712eee549983e91e1f8ed505dd951e32ce38f8e55556c6990fc69717af4315c572c8752230e9f965a4f0ef3bd3a4846dd8a2261e22aa914f
ssdeep: 3072:VBAp5XhKpN4eOyVTGfhEClj8jTk+0hjp23VWh1CegeySfBFIDtgLE0kgr/N3cJCx:wbXE9OiTGfhEClq9wksy4GgYt8+tgeYd
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
Win32 Executable Delphi generic (50.1%)
Win32 Executable Generic (29.1%)
Win16/32 Executable Delphi generic (7.0%)
Generic Win/DOS Executable (6.8%)
DOS Executable Generic (6.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x417d64
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x16dc8 0x16e00 6.47 b770c7f279eb9fc26ac4a87d2b12ac8f
DATA 0x18000 0x700 0x800 3.18 c4c19ca9e500cb531e93a6fc31dcb110
BSS 0x19000 0x8a9 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x1a000 0x14d0 0x1600 4.79 08b2ec6b7f09cb82de12e663d8041976
.tls 0x1c000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x1d000 0x18 0x200 0.20 17291f4d14f4488dcc09f44b431f3d22
.reloc 0x1e000 0x11c0 0x1200 6.71 68baacd130dcf39d09b27606b341bb93
.rsrc 0x20000 0x28394 0x28400 6.30 cc0ec3cba37e7d6f9a4ac3be1cd2eae4

( 16 imports )
> kernel32.dll: GetCurrentThreadId, WideCharToMultiByte, ExitProcess, UnhandledExceptionFilter, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap
> oleaut32.dll: SysFreeString, SysReAllocStringLen
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumKeyExA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
> kernel32.dll: WritePrivateProfileStringA, WriteFile, WinExec, WaitForSingleObject, TerminateProcess, Sleep, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReadFile, OpenProcess, MultiByteToWideChar, LocalFileTimeToFileTime, LoadLibraryA, GlobalFree, GlobalAlloc, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTimeFormatA, GetTempPathA, GetSystemDirectoryA, GetShortPathNameA, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLastError, GetFullPathNameA, GetFileTime, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThread, GetCurrentProcess, GetComputerNameA, GetCommandLineA, FreeLibrary, FormatMessageA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, ExpandEnvironmentStringsA, DosDateTimeToFileTime, DeleteFileA, CreateFileA, CreateDirectoryA, CompareStringA, CloseHandle
> gdi32.dll: StretchDIBits, StretchBlt, SetWindowOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetDIBits, SetBrushOrgEx, SetBkMode, SetBkColor, SelectObject, SaveDC, RestoreDC, OffsetRgn, MoveToEx, IntersectClipRect, GetTextExtentPoint32A, GetStockObject, GetPixel, GetObjectA, GetDIBits, ExtSelectClipRgn, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreateFontIndirectA, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CombineRgn, BitBlt, AddFontResourceA
> user32.dll: wvsprintfA, WaitMessage, ValidateRect, TranslateMessage, ShowWindow, SetWindowPos, SetWindowLongA, SetTimer, SetPropA, SetParent, SetForegroundWindow, SetFocus, SetCursor, SendMessageA, ScreenToClient, RemovePropA, ReleaseDC, RegisterClassA, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, MessageBoxA, LoadIconA, LoadCursorA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsIconic, InvalidateRect, GetWindowTextLengthA, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowLongA, GetWindowDC, GetUpdateRgn, GetSystemMetrics, GetSystemMenu, GetSysColor, GetPropA, GetParent, GetWindow, GetKeyState, GetFocus, GetDCEx, GetDC, GetCursorPos, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, FindWindowA, FillRect, ExitWindowsEx, EnumWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawIcon, DispatchMessageA, DestroyWindow, DestroyIcon, DeleteMenu, DefWindowProcA, CopyImage, ClientToScreen, CheckRadioButton, CallWindowProcA, BeginPaint, CharLowerBuffA
> winmm.dll: timeKillEvent, timeSetEvent
> user32.dll: CreateWindowExA
> oleaut32.dll: SysAllocStringLen
> ole32.dll: OleInitialize
> comctl32.dll: ImageList_Draw, ImageList_SetBkColor, ImageList_Create, InitCommonControls
> shell32.dll: SHGetFileInfoA
> shell32.dll: ShellExecuteExA, ShellExecuteA
> cabinet.dll: FDIDestroy, FDICopy, FDICreate
> ole32.dll: OleInitialize, CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitialize
> shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHChangeNotify, SHBrowseForFolderA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=7F7BEA853B4B11351101054218A7B800284C143D
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=bffc127d19d0037d5927b914c32f90f9


P.S. Looks like a false positive... or am I wrong?



Last edited by zeroua, 18-01-2009 at 18:34.


Posted: 15:03, 18-01-2009 | #180
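The question the post ends on (false positive or not?) is the usual multi-engine triage problem, so here is an added example that is not part of the post, of VirusTotal, or of Comodo: a small Python triage of the tab-separated table format quoted above. It counts detections, strips platform prefixes and variant numbers from the engine labels to see whether independent engines agree on a named family, and treats a lone or generic-only hit ("Unclassified Malware", "Malicious Software") as weaker evidence than two engines both naming StartPage. The sample tables are a constructed subset of the rows in the post; the generic-label regex, the family-token rule and the agreement threshold are this example's own assumptions, not a VirusTotal rule.

```python
"""Triage of VirusTotal-style scan tables (added example, not from the post).
Assumptions: the generic-label heuristic, the family-token rule and the
agreement threshold below are choices of this example, not VirusTotal's."""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the rows quoted in the post for each file, in
# the tab-separated "Antivirus / Version / Update / Result" layout ("-" = clean).
STRONGDC_ROWS = """\
Antivirus\tVersion\tUpdate\tResult
Avast\t4.8.1281.0\t2009.01.16\t-
Comodo\t935\t2009.01.18\tTrojWare.Win32.PSW.OnlineGame.~FM
DrWeb\t4.44.0.09170\t2009.01.18\t-
K7AntiVirus\t7.10.594\t2009.01.17\tTrojan.Win32.Malware.1
Kaspersky\t7.0.0.125\t2009.01.18\t-
Microsoft\t1.4205\t2009.01.18\t-
nProtect\t2009.1.8.0\t2009.01.16\tTrojan/W32.Qhost.533041
Symantec\t10\t2009.01.18\t-
"""

PCW_ROWS = """\
Antivirus\tVersion\tUpdate\tResult
Avast\t4.8.1281.0\t2009.01.16\t-
ClamAV\t0.94.1\t2009.01.18\tTrojan.Startpage-656
Comodo\t935\t2009.01.18\tUnclassified Malware
DrWeb\t4.44.0.09170\t2009.01.18\t-
Kaspersky\t7.0.0.125\t2009.01.18\t-
Microsoft\t1.4205\t2009.01.18\t-
nProtect\t2009.1.8.0\t2009.01.16\tTrojan/W32.StartPage.139231
Prevx1\tV2\t2009.01.18\tMalicious Software
"""


@dataclass
class ScanRow:
    engine: str
    version: str
    updated: str
    result: str  # "-" means the engine reported the file clean

    @property
    def detected(self) -> bool:
        return self.result != "-"


def parse_table(text: str) -> list:
    """Parse the four-column tab-separated table; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4 or parts[0] in ("Antivirus", "Антивирус"):
            continue
        rows.append(ScanRow(*parts))
    return rows


# Labels that name no family (assumed heuristic): weaker evidence than a family
# name that several independent engines agree on.
GENERIC_LABEL = re.compile(
    r"unclassified|malicious software|generic|heur|suspicious|\bmalware\.\d+$", re.I
)
# Platform / type prefixes that are not family names (assumed list).
PREFIXES = {"trojware", "trojan", "win32", "w32", "psw", "backdoor", "worm"}


def family_of(result: str):
    """Normalised family token ('startpage') from an engine label, or None if generic.
    Handles dotted names (Trojan/W32.StartPage.139231), ClamAV's dashed variant
    numbers (Trojan.Startpage-656) and Comodo's '~FM' suffix."""
    if GENERIC_LABEL.search(result):
        return None
    for token in re.split(r"[./\-~ ]+", result):
        low = token.lower()
        if not low or low in PREFIXES or low.isdigit() or len(low) <= 2:
            continue  # skip prefixes, numeric variant ids and 1-2 letter suffixes
        return low
    return None


def triage(rows: list, min_named_agreement: int = 2) -> dict:
    """Detection count, best-supported family and a verdict for one scan.
    'corroborated' needs `min_named_agreement` engines naming the same family;
    isolated or generic-only hits are 'unconfirmed' (false-positive candidates
    that deserve a second look rather than an immediate cleanup)."""
    hits = [r for r in rows if r.detected]
    families = Counter(f for f in (family_of(r.result) for r in hits) if f)
    family, agreeing = families.most_common(1)[0] if families else (None, 0)
    verdict = "corroborated" if agreeing >= min_named_agreement else ("unconfirmed" if hits else "clean")
    return {"engines": len(rows), "detections": len(hits), "named_family": family,
            "agreeing_engines": agreeing, "verdict": verdict}


def md5_hex(data: bytes) -> str:
    """MD5 of raw bytes: confirm a local copy is the sample the report describes
    before acting on its verdict (an identifier here, not an integrity control)."""
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    for name, table in (("StrongDC__v.2.21.exe", STRONGDC_ROWS), ("PCW_server_buttons.exe", PCW_ROWS)):
        print(name, triage(parse_table(table)))
    # Sections with rawdsiz 0x0 in the PEInfo dumps above carry the MD5 of empty input:
    print("empty-input MD5:", md5_hex(b""))
```

On the subset above, StrongDC__v.2.21.exe comes out "unconfirmed" (three hits, no two engines naming the same family, one of them a generic "Malware.1"), while PCW_server_buttons.exe comes out "corroborated" because ClamAV and nProtect independently name StartPage; the vendor sandbox links in the report are the next place to look for the latter. The md5_hex helper also explains why the BSS and .tls sections in both PEInfo dumps share the digest d41d8cd98f00b204e9800998ecf8427e: their raw size is 0x0, and that is MD5 of empty input.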