Hi everyone,
I already tried pretty much every program to scan this virus, but nothing has helped yet. I sent the file to VirusTotal and the following was the result. If you can give me any other advice, feel free; I don't know anything else I could try.
VirusTotal:
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.04.12 Trojan.Win32.Boaxxe!IK
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.56 2010.04.12 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.12 -
Avast 4.8.1351.0 2010.04.11 Win32:Delf-HPR
Avast5 5.0.332.0 2010.04.11 Win32:Delf-HPR
AVG 9.0.0.787 2010.04.11 Clicker.AEHI
BitDefender 7.2 2010.04.12 Gen:Trojan.Heur.fmSfymUOCQni
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.12 -
Comodo 4573 2010.04.12 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.04.12 MULDROP.Trojan
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.12 -
F-Secure 9.0.15370.0 2010.04.11 Gen:Trojan.Heur.fmSfymUOCQni
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.12 Gen:Trojan.Heur.fmSfymUOCQni
Ikarus T3.1.1.80.0 2010.04.12 Trojan.Win32.Boaxxe
Jiangmin 13.0.900 2010.04.11 Trojan/Ck88866.Gen
Kaspersky 7.0.0.125 2010.04.12 -
McAfee-GW-Edition 6.8.5 2010.04.12 Heuristic.LooksLike.Trojan.Crypt.ZPACK.B
Microsoft 1.5605 2010.04.11 Trojan:Win32/Boaxxe.E
NOD32 5018 2010.04.11 probably a variant of Win32/TrojanClicker.Delf.NDG
Norman 6.04.11 2010.04.11 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.11 -
PCTools 7.0.3.5 2010.04.12 -
Prevx 3.0 2010.04.12 -
Rising 22.42.06.04 2010.04.11 -
Sophos 4.52.0 2010.04.11 -
Sunbelt 6165 2010.04.12 -
Symantec 20091.2.0.41 2010.04.12 -
TheHacker 6.5.2.0.259 2010.04.11 -
TrendMicro 9.120.0.1004 2010.04.11 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.11 -
VirusBuster 5.0.27.0 2010.04.11 -
Additional information
File size: 88576 bytes
MD5…: d3683d521bedb12951e0d4aa533faa10
SHA1…: 429691cfd5cafba4d0361d86eb834431aae73826
SHA256: f8adf11d7854106cdf4fa75ab3108bb5fc19e27841410e8a0306a8cfd1cbf1a7
ssdeep: 1536:hZcTwAgx+oWH6dOYsgCRs6rFHwSqkC0/uHkIn1WYQdlgi2FEGQL9nouy8+:357WSygMjF/JRfhout+
PEiD…: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40fa0
timedatestamp…: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype…: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x2c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x2d000 0x15000 0x14c00 7.99 853b8e7a516908612669e805aabaa7b9
.rsrc 0x42000 0x1000 0xa00 3.08 b7e3a4779c7381c7e1ff4a6ce191c3a6
( 4 imports )
KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
advapi32.dll: FreeSid
oleaut32.dll: SysFreeString
user32.dll: wvsprintfA
( 7 exports )
DllCanUnloadNow, DllGetClassObject, Fgccfcp, DllMain, DllRegisterServer, DllUnregisterServer, ServiceMain
RDS…: NSRL Reference Data Set
pdfid.: -
trid…: UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda’s Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher…: SMCORPNAME Corporation
copyright…: (c) SMCORPNAME Corporation. All rights reserved.
product…: Microsoft_ Windows_ Operating System
description…: SMVERI32 DLL SMVERI32
original name: SMVERI32.dll
internal name: SMVERI32
file version.: 5.1.2600.3248
comments…: n/a
signers…: -
signing date.: -
verified…: Unsigned
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA
packers (Avast): UPX
packers (Avast): UPX