Running CIS 5 AV for the first time, and thus analysing all disks beforehand:
http://brucine.hostoi.com/online/analyse.jpg
Let’s try to be fair:
I have 2 disks.
First one:
- system partition C: winxp, cis3, avira
- program partition E:
- data partition F: with a folder for security tests
Second one:
- system partition D: winxp, cis 5 with av (as of today, the testing partition)
- software and movies backup partition G:
- data backup partition H: saving F:, some program settings (Firefox…), desktop, and G: software.
So, let’s subtract:
- half a dozen cracks, both in G: and H: (I don’t know why I keep them; I don’t even use the related software…)
- whatever is written to both G: and H:, and to F: and D: (security tests).
Still quite a huge result (everything in upper case and the URLs are from me):
POC FOR DLL EXPLOIT DOWNLOADED FROM COMODO FORUM
D:!MenusXP\Communiquer\securite\tests\suckme\suckme.lnk
TrojWare.Win32.Trojan.Agent.~KUE@113979836
D:!MenusXP\Communiquer\securite\tests\suckme\dll.dll
TrojWare.Win32.DDoS.Ataker.a@5658317
FOUNDSTONE SECURITY TOOLS AT: Antivirus, VPN, Identity & Privacy Protection | McAfee
D:!MenusXP\Communiquer\securite\tests\foundstone\attacker\attacker.exe
UnclassifiedMalware@8382266
D:!MenusXP\Communiquer\securite\tests\foundstone\boping\boping.exe
UnclassifiedMalware@8426481
D:!MenusXP\Communiquer\securite\tests\foundstone\ddosping\ddosping.exe
UnclassifiedMalware@8337381
D:!MenusXP\Communiquer\securite\tests\foundstone\dsscan\DSScan.exe
ApplicUnsaf.Win32.Exploit.MSNScan.105@5281989
D:!MenusXP\Communiquer\securite\tests\foundstone\messengerscan\MessengerScan.exe
Application.Win32.RiskWare.NetSchedScan.c@5470356
D:!MenusXP\Communiquer\securite\tests\foundstone\mydoomscanner\MyDoomScanner.exe
UnclassifiedMalware@8720753
D:!MenusXP\Communiquer\securite\tests\foundstone\rpcscan2\RPCScan2.exe
TrojWare.Win32.TrojanProxy.Horst.anm@5268767
D:!MenusXP\Communiquer\securite\tests\foundstone\MS05039Scan\MS05039Scan.exe
UnclassifiedMalware@6532667
D:!MenusXP\Communiquer\securite\tests\foundstone\netschedscan\NetSchedScan.exe
Application.Win32.LeakTest.~B@124754821
CLT: NO COMMENT
D:!MenusXP\Communiquer\securite\tests\CLT\clt.exe
PC FLANK LEAKTESTS AND OTHERS AS PER: Downloadable Security Tests Web Testing Firewall Security Software
Application.Win32.LeakTest.PCFlank@6745921
D:!MenusXP\Communiquer\securite\tests\leaktests\PCFlankLeaktest.exe
ApplicUnwnt.Win32.Leaktest.Yalta@129329
D:!MenusXP\Communiquer\securite\tests\leaktests\YALTA\Yalta.exe
UnclassifiedMalware@16724921
D:!MenusXP\Communiquer\securite\tests\leaktests\Runner\lt-runner.exe
Application.Win32.LeakTest.~A@8386990
D:!MenusXP\Communiquer\securite\tests\leaktests\LeakTest\leaktest.exe
ApplicUnwnt.Win32.Leaktest.Ghost@57119
D:!MenusXP\Communiquer\securite\tests\leaktests\Ghost\Ghost.exe
ApplicUnwnt.Win32.Leaktest.PCAudit@113298
D:!MenusXP\Communiquer\securite\tests\leaktests\pcAudit2\pcaudit2.exe
Application.Win32.LeakTest.~FPR@8073497
D:!MenusXP\Communiquer\securite\tests\leaktests\FPR\lt-fpr.exe
Application.Win32.LeakTest.~FPR@9458817
D:!MenusXP\Communiquer\securite\tests\leaktests\FPR\surfload.exe
Application.Win32.LeakTest.~FPR@9459550
D:!MenusXP\Communiquer\securite\tests\leaktests\FPR\tlsdll.dll
ApplicUnsaf.Win32.DemoLeakTest@114161
D:!MenusXP\Communiquer\securite\tests\leaktests\FireHole\firehole.exe
TrojWare.Win32.TrojanNotifier.Small.A@95911
D:!MenusXP\Communiquer\securite\tests\leaktests\FireHole\FireDLL.dll
Application.Win32.LeakTest.DNStester@9063836
D:!MenusXP\Communiquer\securite\tests\leaktests\DNStester\dnstester.exe
Application.Win32.LeakTest.DNS@5469839
D:!MenusXP\Communiquer\securite\tests\leaktests\DNStest\dnstest.exe
Application.Win32.LeakTest.~TMZ@117030963
CPIL: NO COMMENT
D:!MenusXP\Communiquer\securite\tests\leaktests\CPILSuite\cpil.dll
Application.Win32.LeakText.~TMY@117030909
D:!MenusXP\Communiquer\securite\tests\leaktests\CPILSuite\cpil.exe
Application.Win32.LeakTest.~dmd@117030827
D:!MenusXP\Communiquer\securite\tests\leaktests\CPILSuite\CPIL3.dll
Application.Win32.LeakTest.~dmd@117030827
D:!MenusXP\Communiquer\securite\tests\leaktests\CPILSuite\CPIL2.dll
Application.Win32.LeakTest.~TMZ@117030963
D:!MenusXP\Communiquer\securite\tests\leaktests\CPIL\cpil.dll
ApplicUnwnt.Win32.Leaktest.CopyCat@187034
D:!MenusXP\Communiquer\securite\tests\leaktests\CopyCat\copycat.exe
Application.Win32.LeakTest.~Coat@9445235
D:!MenusXP\Communiquer\securite\tests\leaktests\Coat\lt-coat.exe
Application.Win32.LeakTest.~BO@150509
D:!MenusXP\Communiquer\securite\tests\leaktests\Breakout2\breakout-wp.exe
TrojWare.Win32.TrojanClicker.Small.IP@116211
D:!MenusXP\Communiquer\securite\tests\leaktests\Breakout\breakout-ie.exe
TrojWare.Win32.Agent.OC@6495815
D:!MenusXP\Communiquer\securite\tests\leaktests\Breakout\breakout-mz.exe
Application.Win32.LeakTest.~FPR@9460415
D:!MenusXP\Communiquer\securite\tests\leaktests\FPR\lt-fpr-b.exe
Application.Win32.LeakTest.dmc@117030777
D:!MenusXP\Communiquer\securite\tests\leaktests\CPILSuite\CPILSuite.exe
Application.Win32.LeakTest.AWFT@6130317
D:!MenusXP\Communiquer\securite\tests\leaktests\AWFT\setup.exe
Application.Win32.Reboot.~A@15679335
SPECIFIC MALWARE REMOVING TOOLS
D:!MenusXP\Communiquer\securite\SmitfraudFix\Reboot.exe
TrojWare.Win32.Shutdowner.~A@359948
D:!MenusXP\Communiquer\securite\SmitfraudFix\restart.exe
UnclassifiedMalware@22132825
D:!MenusXP\Communiquer\securite\vundo\VirtumundoBeGone.exe
UnclassifiedMalware@18063747
D:!MenusXP\Communiquer\securite\SmitfraudFix\SmitfraudFix.exe
Application.Win32.Reboot.~A@15679335
SYSINTERNAL UTILITY
G:\logs\util\shutdown\pskill\pskill.exe
UnclassifiedMalware@8325343
KILL PROCESS COMMAND LINE EXE (ORIGIN NOT REMEMBERED)
G:\logs\util\kill\KILL.EXE
UnclassifiedMalware@8335931
BASE 64 DECODER: Elcro.com is for sale | HugeDomains
G:\logs\util\base64\setup.exe
UnclassifiedMalware@14921316
DAEMON TOOLS
G:\logs\softwindows\virtualdrive\daemon-tools_daemon_tools_4.12.2_anglais_10729.exe
UnclassifiedMalware@8425079
RECOVERING LOST PASSWORD: SAMINSIDE DEMO
G:\logs\softwindows\securite\passnt\saminside\Tools\GetHashes.exe
UnclassifiedMalware@8812127
G:\logs\softwindows\securite\passnt\saminside\Tools\GetSyskey.exe
UnclassifiedMalware@8812124
G:\logs\softwindows\securite\passnt\saminside\SAMInside.exe
Application.Win32.HackTool.PWDump.~C@919418
RECOVERING LOST PASSWORD: LCP504EN AT: LCPSoft
G:\logs\softwindows\securite\passnt\lcp504en\Data\pwdump3e\LsaExt.dll
Application.Win32.HackTool.PWDump.~A@919331
G:\logs\softwindows\securite\passnt\lcp504en\Data\pwdump3e\pwservice.exe
ApplicUnsaf.Win32.PSWTool.PWDump3@118026
G:\logs\softwindows\securite\passnt\lcp504en\Data\pwdump3\pwservice.exe
Application.Win32.HackTool.PWDump.~B@919332
G:\logs\softwindows\securite\passnt\lcp504en\Data\pwdump2-orig\samdump.dll
ApplicUnsaf.Win32.PSWTool.PWDump.k@5384483
G:\logs\softwindows\securite\passnt\lcp504en\Data\pwdump2\samdump.dll
UnclassifiedMalware@8390553
FOLDER LOCK 6.1.2 FOR USB ENCRYPTION: ONLY LAST VERSION 6.4.2, E.G. AT: http://www.brothersoft.com/folder-lock-246809.html
G:\logs\softwindows\securite\cryptographie\Folder Lock 6.1.2\folder-lock-dn.exe
UnclassifiedMalware@22132825
THE BAT! PLUGIN FOR MAIL PASSWORD RECOVERY: TBUP13.ZIP
G:\logs\softwindows\mail\thebat301pro\tbup13\tbup.exe
UnclassifiedMalware@9578986
SAME FUNCTION (ORIGIN NOT REMEMBERED)
G:\logs\softwindows\mail\password\change-forgotten-password_setup.exe
UnclassifiedMalware@9576639
STANDARD VNC
G:\logs\softwindows\controledistance\vnc\vncviewer.exe
Application.Win32.WinVNC.~B@12028414
G:\logs\softwindows\controledistance\vnc\winvnc.exe
FAMATECH RADMIN REMOTE CONTROL V2 AND V3: http://www.radmin.fr/
ApplicUnsaf.Win32.RAdmin.30@147356
G:\logs\softwindows\controledistance\radmin\radmin30b2\Radmin Viewer 3.0\Radmin.exe
UnclassifiedMalware@6542396
G:\logs\softwindows\controledistance\radmin\radmin22\RADMIN22.EXE
UnclassifiedMalware@6542396
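A triage helper for a listing like the one above, added here as an example and not code from the post or from Comodo: it pairs each path with its detection name and sorts the hits by the name's prefix into named-family malware, riskware/leak-test/hacktool classes that a security tester expects on a tools partition, and generic UnclassifiedMalware heuristic verdicts, which are the ones worth reviewing and submitting as possible false positives. The sample lines are constructed from entries in the post (with the drive backslash after "D:" assumed), and the meaning of each prefix is an assumption read off the names themselves.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the scan listing: a file path
# followed by the Comodo detection name (Family@numeric id).
SAMPLE = r"""
D:\!MenusXP\Communiquer\securite\tests\suckme\dll.dll
TrojWare.Win32.DDoS.Ataker.a@5658317
D:\!MenusXP\Communiquer\securite\tests\leaktests\CPIL\cpil.dll
Application.Win32.LeakTest.~TMZ@117030963
G:\logs\softwindows\securite\passnt\saminside\SAMInside.exe
Application.Win32.HackTool.PWDump.~C@919418
G:\logs\util\shutdown\pskill\pskill.exe
UnclassifiedMalware@8325343
G:\logs\softwindows\controledistance\radmin\radmin22\RADMIN22.EXE
ApplicUnsaf.Win32.RAdmin.30@147356
"""

PATH_RE = re.compile(r"^[A-Za-z]:.*$")                 # "D:..." / "G:..."
DET_RE = re.compile(r"^([A-Za-z0-9_.~]+)@(\d+)$")     # Family@id

def parse_listing(text):
    """Pair each path line with the detection name that follows it.
    Any other line (e.g. the author's upper-case headers) is skipped."""
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = DET_RE.match(line)
        if m and pending:
            records.append((pending, m.group(1), int(m.group(2))))
            pending = None
        elif PATH_RE.match(line):
            pending = line
    return records

def classify(family):
    """Triage bucket from the detection-name prefix (assumed meanings)."""
    prefix = family.split(".", 1)[0]
    if prefix == "UnclassifiedMalware":
        return "heuristic"   # generic verdict, no family: review, submit as FP
    if prefix in ("Application", "ApplicUnsaf", "ApplicUnwnt"):
        return "riskware"    # hacktool / leaktest / remote admin: expected here
    if prefix == "TrojWare":
        return "malware"     # named family: isolate rather than whitelist
    return "unknown"

def triage(text):
    """Group parsed records by bucket: {bucket: [(path, family, id), ...]}."""
    buckets = defaultdict(list)
    for path, family, sig_id in parse_listing(text):
        buckets[classify(family)].append((path, family, sig_id))
    return dict(buckets)
```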