Rokop Security

> Scut AntiVirus Solutions available, does anyone know it?
Anar
Post 04.11.2009, 20:41
Post #41

QUOTE(MobiusScutAntiVirus @ 04.11.2009, 20:16)
Ok Anar, please give me a sample on Scut AntiVirus site:
How do I know I have all the variants? Are you sure it's Virut infection, Virut is infecting slowly Anar

Actually Virut is considered to be a fast infector. You may want to get your information straight. Sent you one of my infected goat files.


Catweazle
Post 04.11.2009, 22:17
Post #42

Hello, @ all

Very strange for me, I have not installed Scut AntiVirus, I have only downloaded it.

a-squared Free - Version 4.5
Letztes Update: 04.11.2009 20:46:05

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Speicher, Traces, Cookies, C:\, D:\, E:\, F:\
Archiv Scan: An
Heuristik: Aus
ADS Scan: An

Scan Beginn: 04.11.2009 20:50:18

C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\Mozilla\Firefox\Profiles\ciihxqzt.default\cookies.sqlite:1257100181250000 gefunden: Trace.TrackingCookie.m.webtrends.com!A2

Gescannt

Dateien: 183798
Traces: 383986
Cookies: 3086
Prozesse: 23

Gefunden

Dateien: 0
Traces: 0
Cookies: 1
Prozesse: 0
Registry Keys: 0

Scan Ende: 04.11.2009 21:38:09
Scan Zeit: 0:47:51


Datei ScutAV_OnDemand.exe empfangen 2009.11.04 21:04:39 (UTC)
Ergebnis: 1/41 (2.44%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.04 -
AhnLab-V3 5.0.0.2 2009.11.04 -
AntiVir 7.9.1.53 2009.11.04 -
Antiy-AVL 2.0.3.7 2009.11.04 -
Authentium 5.2.0.5 2009.11.04 -
Avast 4.8.1351.0 2009.11.04 -
AVG 8.5.0.423 2009.11.04 -
BitDefender 7.2 2009.11.04 -
CAT-QuickHeal 10.00 2009.11.04 -
ClamAV 0.94.1 2009.11.04 -
Comodo 2838 2009.11.04 -
DrWeb 5.0.0.12182 2009.11.04 -
eSafe 7.0.17.0 2009.11.04 -
eTrust-Vet 35.1.7101 2009.11.04 -
F-Prot 4.5.1.85 2009.11.04 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.04 -
GData 19 2009.11.04 -
Ikarus T3.1.1.74.0 2009.11.04 -
Jiangmin 11.0.800 2009.11.04 -
K7AntiVirus 7.10.888 2009.11.04 -
Kaspersky 7.0.0.125 2009.11.04 -
McAfee 5792 2009.11.04 -
McAfee+Artemis 5792 2009.11.04 -
McAfee-GW-Edition 6.8.5 2009.11.04 -
Microsoft 1.5202 2009.11.04 -
NOD32 4574 2009.11.04 probably a variant of Win32/Genetik
Norman 6.03.02 2009.11.04 -
nProtect 2009.1.8.0 2009.11.04 -
Panda 10.0.2.2 2009.11.04 -
PCTools 7.0.3.5 2009.11.04 -
Prevx 3.0 2009.11.04 -
Rising 21.54.24.00 2009.11.04 -
Sophos 4.47.0 2009.11.04 -
Sunbelt 3.2.1858.2 2009.11.04 -
Symantec 1.4.4.12 2009.11.04 -
TheHacker 6.5.0.2.060 2009.11.04 -
TrendMicro 9.0.0.1003 2009.11.04 -
VBA32 3.12.10.11 2009.11.04 -
ViRobot 2009.11.4.2021 2009.11.04 -
VirusBuster 4.6.5.0 2009.11.04 -
sigcheck:
publisher....:
copyright....: Copyright © 2009-2010 Novus Ordo l.t.d.
product......: n/a
description..: Scut AntiVirus On-Demand Setup
original name: n/a
internal name: n/a
file version.:
comments.....: This installation was built with Inno Setup.
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): ZIP

http://virusscan.jotti.org/de/scanresult/1...c0f0f3d8b9d1ed8

Who is now the Problem ???!!!

A asking Catweazle

PS: This is my Point.

Catweazle


Attached file: submit.htm (2.51KB)

Virusscanner
Post 05.11.2009, 02:08
Post #43

QUOTE(Voyager @ 04.11.2009, 16:41)
Sure, now it's my fault :D Every other AV and every other behavior-based detection is lying now; if these things are so harmless, then I can rename them to something funny and send them to other people so that they click on them? Best we start with you, and if you don't click on them voluntarily we'll force you to ;)

I have already tested thousands of things; to insinuate now that the 100 were only false positives is ridiculous and primitive, sorry...


You can take a joke *happy*

But I'm not insinuating anything about you. I also don't know how much the gentleman from Novus Ordo knows about malware. And I haven't even looked at this Scut yet. That's why I simply asked how sure you actually are that you really have 100 genuine pieces of malware in the package. For that you would have had to install each of them once and then analyze the infected system. After all, Scut reported eleven of them, or however many it was, as malware. So you are "guaranteed" to have a few genuine pieces of malware in your collection, provided one wants to take Scut as the yardstick ;)

On the other hand, the gentleman from Novus Ordo also seems quite optimistic to me about the quality of his still young product. Perhaps his primary aim is just to get the product talked about. And that is quite effective advertising in a forum like this one. But I don't want to insinuate anything about him. Maybe he really does know his stuff ;)

@MobiusScutAntiVirus

If you want some real support from people here you should think about handing out some licences for Scut Total Security 2010. In return you will get some useful feedback, I'm sure. If your product proves to be as good as you say people will most likely start to recommend it and this is the best advertisement you can get. Actually for free.
Apart from that, you might want to have another look at your website and correct all of those spelling errors. It's about building trust - and people usually do have more trust in websites that have a perfect appearance with no spelling errors at all. This is even more important if you're new to the market and still have to find a customer base. On your website you also say you can communicate in 8 languages. One of them is German. So it would surely help if a German speaking person from Novus Ordo would join the community instead.

No offense, though. I just wanted to state my p.o.v.


MobiusScutAntiVi...
Post 05.11.2009, 13:15
Post #44

Our policy on Scut AntiVirus is to not give false-positive. False-positive is a disgrace to the world of software security, by any expert opinion.

What are you talking in German is not fairplay, you must understand that the following list of antiviruses give many false-positive, in the following order: BitDefender, GDATA, Nod32, McAfee-GW-Edition, A-squared, eSafe, Comodo, DrWeb, eTrust-Vet, K7AntiVirus, VBA32, Fortinet, CAT-QuickHeal, AntiVir, AhnLab-V3, Authentium, AntiVir. Another security specialist may approve what I say here!

List of antivirus which will not give false-positive, in the following order, are: Kaspersky, F-Secure, AVG, McAfee, Norman (for which I have a great respect), Panda, Symantec, Avast, Ikarus, F-Prot (a very old engine)

As the first forum that I talk ever, I was thinking since last night to give each member of the forum a Scut Total Security license. So that will be done, well understood.


--------------------
Paul Gagniuc - Novus Ordo Lab.

Virusscanner
Post 05.11.2009, 14:14
Post #45

QUOTE(MobiusScutAntiVirus @ 05.11.2009, 13:14)
...
What are you talking in German is not fairplay...


In case you're referring to me: I think I was very fair. I didn't criticize you or Scut. To me you just seem to be very optimistic about your product. That's absolutely normal. But I also added that I can't exclude the chances of you being a top class malware specialist.

Of course false positives are annoying, but as long as we have a signature based malware recognition it's what we have to live with. Sometimes you better include a false positive and remove it later than to not include a signature and be sorry afterwards because it was a malware. So a real zero-false-positive policy is about impossible to achieve unless you want to take the risk of missing one or another malware. Because time is an important factor. And since there are plenty of new viruses spread around every day you sometimes have to make a decision. And I'd say you better include a possible false positive if you're not entirely sure at the moment.

This post has been edited by Virusscanner: 05.11.2009, 14:15

xri12
Post 05.11.2009, 16:13
Post #46

Here are my first experiences with Scut AV:

I've created a new Virtual Machine with a clean Windows Vista and installed Scut on it.
I didn't have any infected files and viruses, so I just wanted to test the program itself and not its detection rate.
There were no problems at the installation, but just after starting Scut I got an error message:

After a few reinstallations I realised that this error message only occurs when you run Scut without admin rights;
starting it with "rightclick-->run as Admin" works.
The interface is very clean and you can find everything you need in short time.
But I've seen two things which I wanted to ask you what they mean.

First these arrows in the red boxes: Should they have any functions? I can click on them but nothing happens.
Second the information in the blue box: What does this information say?
Ok and there is something else I really don't like, the green box. The updates of the download version are too old and there isn't any function which updates the signatures. How do people then get new updates from you?
Or will you just update the program from time to time and publish the new version on your website?

Next I started a full system scan, which included an 11,3GB-partition. It took 22:17min, which is, in
my opinion, a bit long. While scanning the program put my cpu to 95-100% load and occupied 35-45MB-RAM.
I don't know if the bad performance is a result of the virtual machine, so I will later test
it on a real machine and tell you if the performance gets better.
By the way, it did of course find no infected files.
Then I turned the scan settings to high (Use deep scan & use hardcore heuristics) and started a new full system scan.
This time it took much longer to scan the system which is understandable, but after some time,
Scut Antivirus disappears from the desktop without a message. Sometimes after a few minutes, and once after 20 minutes. I couldn't get one whole scan with these high settings and so I have to say that it's very unstable with these settings.
I also noticed that the settings of Scut are being reset every time it is started; but that was perhaps
meant to be like that.


Now that's just what I've seen till now; this evening I will try a few more scans on another system and also include infected files.
Btw. I've also written to ESET because of the trojan-detection from NOD32, but I didn't get an answer by now.


PS: Yes, that's quite a lot of text, but I just had time because I was waiting for a download ^^

MobiusScutAntiVi...
Post 05.11.2009, 17:27
Post #47

In 30 minutes or an hour I will make the new installation kit to resolve:

1) Matters with the administrator rights on Vista and Windows7 (due to matters on vista Scut Total Security is not out yet ...)

2) I will put the new signature of the new Win32/Virut that Anar sent to the Scut AV site. Now the new version sent by Anar is called Virus.Win32.Virut.g

3) I make other signatures from malware files of a friend of the forum whose names I do not reveal, except with his acceptance.

4) I will explain the issues raised by xri12

This post has been edited by MobiusScutAntiVirus: 05.11.2009, 17:30

MobiusScutAntiVi...
Post 05.11.2009, 19:58
Post #48

So far Scut Total Security works perfectly on XP and below systems, but on Vista are some problems.

1) The matter with the Scut On-Demand scanner is known, disappears into thin air because of some functions performed in assembly language, perhaps is a buffer overflow somewhere inside the scanner.
Although is very small, the scanner (Scut On-Demand) contains 20 thousand lines of code, this will take time to catch the problem. This instability happens only on Vista systems.


2) During the scan, Scut engine uses 80% up to 99% CPU in virtual environment, which is normal.
In real environment scut engine uses 55% up to 75% CPU, which is normal.


3) Scut scans very quickly actually, remember that you are with Vista in a virtual environment system. But on the other hand when you see an antivirus which scans too fast, then something smells bad ...


4) The scanner takes 30Mb - 40MB of RAM, work that is very, very good compared to other scanners.


5) The arrows have no role, the scanner can use masks (skins) which can be changed only from the main interface of Scut Total Security or Scut AntiVirus. Remember, this is Scut On-Demand scanner.
These masks(skins) will not be placed in Scut Total Security beta, because they (the drawers) are working on it right now.

6) What is the coefficient of similarity from the antivirus settings?
For frequently asked questions press here: http://www.novusordo.ro/index.php?meniu=faq
These settings can NOT be modified from Scut On-Demand, they can only be changed from the Scut Central Interface

See the image of Scut Central Interface from tests, you are the first to see this:

This post has been edited by MobiusScutAntiVirus: 05.11.2009, 20:24
Attached file: untitled.JPG (79.73KB)

MobiusScutAntiVi...
Post 05.11.2009, 20:40
Post #49

Please do not post questions about Scut Total Security or Scut AntiVirus before it is ready, writing on the forum takes time, I will talk with you then, greetings to all of you.


xri12
Post 05.11.2009, 22:33
Post #50

QUOTE(MobiusScutAntiVirus @ 05.11.2009, 19:57)
So far Scut Total Security works perfectly on XP and below systems, but on Vista are some problems.


Yes you're right, I installed it on an XP machine and it's running without any bigger problems.
So I took a package of 418 files which were infected with different types of malware. Unfortunately I don't have access to newer malware, so the files come from 2007 to early 2009.
Before I scanned them with Scut, I tested all files with the Online AV from Bitdefender and Pandasoft.
*Bitdefender found 805 infected files; divide that by 2, because BD also scanned the Archives with the malware, and so Bitdefender detected 402,5 of the 418 files (0,5: don't ask me why ^^)
*Panda detected 264 from 418 files

After that I've run Scut AV over these files and as a result it only detected 11 infected files...not that good, but you're new on the market and it's a bit understandable that older malware wasn't detected.
But there was something much worse than the detection, one malware was neither put into quarantine nor deleted. According to Scut the file was in quarantine, but with every new scan the file was again found at the same location, with the same filename. And even deleting it didn't affect anything; it seemed that this specific file/malware was resistant ^^
It was called "Malware.Win32.Generic.bjxd" and if you want I can send you the file.
Also I think some false positives were found. In my temporary internet folder many files (*.html, *.js) were detected as "Exploit.js.nykd", but some of those files came from serious websites.
I can also send you a sample of these files if you need it.

I attached the 3 Logfiles from the AVs, so you can see what was detected and what not.

And not to forget, the Interface of Scut Central doesn't look bad; colorless, but not bad ;)

EDIT: Link to the Logfiles: http://rapidshare.com/files/302903896/Logs.zip.html

This post has been edited by xri12: 05.11.2009, 22:37

MobiusScutAntiVi...
Post 06.11.2009, 00:40
Post #51

First of all I thank you for your support xri12

I think you're right xri12, we have 200 thousand of malware to introduce in Scut, it is coming very soon.
If you have time, send me those viruses in my mail: paulgagniuc*yahoo.com or laboratory*novusordo.ro, the difference is that on Yahoo you can send large amounts of data in archive with password.

Send me also Exploit.js.nykd file, it has a name, so is not found by heuristics, I am very curious, because it has a designation made by hand (by me).

I am still up and running at this hour to resolve Vista problem that you raised (run as administrator for SC.exe)

I look at the logs right now.

This post has been edited by MobiusScutAntiVirus: 06.11.2009, 00:44

Voyager
Post 06.11.2009, 08:03
Post #52

@MobiusScutAntiVirus

Check your Yahoo inbox, sent you samples.

This post has been edited by Voyager: 06.11.2009, 08:16

xri12
Post 06.11.2009, 22:56
Post #53

I have just written an email to your yahoo address with some samples.
I hope your account has enough free space :)

MobiusScutAntiVi...
Post 07.11.2009, 01:15
Post #54

New updates for Scut On-Demand from Voyager and xri12:

http://www.novusordo.ro/index.php?meniu=udef


xri12
Post 08.11.2009, 00:30
Post #55

QUOTE(MobiusScutAntiVirus @ 07.11.2009, 01:14)
New updates for Scut On-Demand from Voyager and xri12:

http://www.novusordo.ro/index.php?meniu=udef


Are you sure that you published new updates for Scut?
The download-version on the first page of this thread had Updates from 10.11.09|AV-Definitions 364535.
The linked updates are from 7.10(Definitions:364615 MS) and 8.10(Definitions:365045 MS); so they look like old updates.
Also all 3 updateversions only find 11 infected files.

MobiusScutAntiVi...
Post 08.11.2009, 14:41
Post #56

Definitions:364615 MS
Definitions:365045 MS
----------------------------
+ 430 signatures

xri12 I looked again in the inbox, I have not received anything yet. Voyager sent me an archive with a password. Please send me again your specimens at paulgagniuc@yahoo.com

This post has been edited by MobiusScutAntiVirus: 08.11.2009, 14:42

xri12
Post 08.11.2009, 15:14
Post #57

QUOTE(MobiusScutAntiVirus @ 08.11.2009, 14:40)
Definitions:364615 MS
Definitions:365045 MS
----------------------------
+ 430 signatures

xri12 I looked again in the inbox, I have not received anything yet. Voyager sent me an archive with a password. Please send me again your specimens at paulgagniuc@yahoo.com


Hm according to Thunderbird the Email was sent to you on the 6.11 at 22:48PM.
But I've resent my mail and perhaps it arrives this time.

And I just saw that I have forgotten to include the passwords for the archives.
It's: infected

MobiusScutAntiVi...
Post 08.11.2009, 16:02
Post #58

xri12 recognize these files? If yours, they are in the new update already.


This is the last scan of Scut:


\
ON-DEMAND SCUT ANTIVIRUS SCAN RESULT - 10/9/2009 - scanned in: 00:00:55
/

--------------------------------------------------------------------------------
Machine: [SCUTVIRTUAL ] User: [Mobius]
--------------------------------------------------------------------------------

Infected OBJ: 63
Suspicious OBJ: 0
Desinfected OBJ: 0
Quarantined OBJ: 63
NotThreaded OBJ: 0
Total OBJ scanned: 75
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[1] File: 13.exe is infected with: [Trojan-Spy.Win32.FlyStudio.dwl]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 0 - 10/9/2009 - See more: Trojan-Spy.Win32.FlyStudio.dwl
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[2] File: 2.exe is infected with: [Trojan.Agent.ANLF]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:24 PM - 10/9/2009 - See more: Trojan.Agent.ANLF
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[3] File: 5.exe is infected with: [Trojan-PWS.Win32.Small.m]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:24 PM - 10/9/2009 - See more: Trojan-PWS.Win32.Small.m
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[4] File: adlaunch32.dll is infected with: [AdWare.Win32.AdAgent.bq]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:25 PM - 10/9/2009 - See more: AdWare.Win32.AdAgent.bq
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[5] File: alkey_102_Silent_Setup.exe is infected with: [Trojan.Win32.alkeySilent.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:26 PM - 10/9/2009 - See more: Trojan.Win32.alkeySilent.exe
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[6] File: beghmnoqw.pdf is infected with: [Exploit.Win32.PDF-JS.s]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:26 PM - 10/9/2009 - See more: Exploit.Win32.PDF-JS.s
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[7] File: bp.exe is infected with: [Trojan-DDoS.Win32.Agent.ik]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:27 PM - 10/9/2009 - See more: Trojan-DDoS.Win32.Agent.ik
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[8] File: cc-4ek.exe is infected with: [Trojan.Win32.Bredolab]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:27 PM - 10/9/2009 - See more: Trojan.Win32.Bredolab
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[9] File: codec.exe is infected with: [Trojan.Win32.codec]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:28 PM - 10/9/2009 - See more: Trojan.Win32.codec
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[10] File: cpx.exe is infected with: [Trojan.MulDrop.IndigoRose.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:28 PM - 10/9/2009 - See more: Trojan.MulDrop.IndigoRose.exe
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[11] File: csrss.dll is infected with: [Trojan.Win32.FakeAlert.csrss]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:29 PM - 10/9/2009 - See more: Trojan.Win32.FakeAlert.csrss
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[12] File: ddos-bot.exe is infected with: [Trojan-Dropper.Win32.ddos-bot]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:30 PM - 10/9/2009 - See more: Trojan-Dropper.Win32.ddos-bot
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[13] File: DK Leaders.exe is infected with: [not-a-virus.RemoteAdmin.Win32.PoisonIvy]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:31 PM - 10/9/2009 - See more: not-a-virus.RemoteAdmin.Win32.PoisonIvy
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[14] File: dog.exe is infected with: [Trojan.Win32.Cosmu.ctr]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:32 PM - 10/9/2009 - See more: Trojan.Win32.Cosmu.ctr
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[15] File: dump.exe is infected with: [Trojan.Win32.Buzus.bwrh]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:32 PM - 10/9/2009 - See more: Trojan.Win32.Buzus.bwrh
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[16] File: exeHelper.com is infected with: [Trojan.Win32.Banload.AZJR]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:33 PM - 10/9/2009 - See more: Trojan.Win32.Banload.AZJR
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[17] File: f2.exe is infected with: [Trojan.Win32.sBwzP]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:34 PM - 10/9/2009 - See more: Trojan.Win32.sBwzP
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[18] File: facecooker_setup_p771.exe is infected with: [Trojan.Win32.facecooker]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:35 PM - 10/9/2009 - See more: Trojan.Win32.facecooker
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[19] File: file(5).exe is infected with: [Trojan.Win32.InternetAntivirus.c]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:36 PM - 10/9/2009 - See more: Trojan.Win32.InternetAntivirus.c
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[20] File: file1.exe is infected with: [Backdoor.Win32.Delf.rcc]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:36 PM - 10/9/2009 - See more: Backdoor.Win32.Delf.rcc
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[21] File: flash.swf is infected with: [Exploit.Win32.PDF-URI.ab]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:37 PM - 10/9/2009 - See more: Exploit.Win32.PDF-URI.ab
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[22] File: Flash_Video_Plugin_v3.exe is infected with: [Packed.Win32.TDSS.z]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:37 PM - 10/9/2009 - See more: Packed.Win32.TDSS.z
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[23] File: fotos.exe is infected with: [Trojan.Win32.Pincav.ei]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:38 PM - 10/9/2009 - See more: Trojan.Win32.Pincav.ei
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[24] File: free-movie.exe is infected with: [Trojan.Win32.Agent.czrq.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:39 PM - 10/9/2009 - See more: Trojan.Win32.Agent.czrq.exe
--------------------------------------------------------------------------------

Location: +++++++++++++++ by [SS ENGINE module]
OBJ[25] File: gnc.exe is infected with: [Trojan-PSW.OnLineGames.acir]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:39 PM - 10/9/2009 - See more: Trojan-PSW.OnLineGames.acir
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[26] File: IAUninstaller.exe is infected with: [Malware.Win32.Generic.amrp]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:39 PM - 10/9/2009 - See more: Malware.Win32.Generic.amrp
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[27] File: ieSpy.exe is infected with: [Trojan.Win32.StartPage.eoi]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:40 PM - 10/9/2009 - See more: Trojan.Win32.StartPage.eoi
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[28] File: install(2).exe is infected with: [Trojan.Win32.FakeAV.x.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:41 PM - 10/9/2009 - See more: Trojan.Win32.FakeAV.x.exe
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[29] File: install(5).exe is infected with: [Trojan.Win32.FakeAV.q.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:41 PM - 10/9/2009 - See more: Trojan.Win32.FakeAV.q.exe
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[30] File: iparmor6.dll is infected with: [Malware.Generic.xxxq]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:42 PM - 10/9/2009 - See more: Malware.Generic.xxxq
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[31] File: jtsremote.exe is infected with: [not-a-virus.RemoteAdmin.Win32.WinVNC.c]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:43 PM - 10/9/2009 - See more: not-a-virus.RemoteAdmin.Win32.WinVNC.c
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[32] File: load(2).exe is infected with: [Trojan.Win32.Buzus.bxcr]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:44 PM - 10/9/2009 - See more: Trojan.Win32.Buzus.bxcr
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[33] File: load(3).exe is infected with: [Trojan.Win32.Inject.akdr]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:44 PM - 10/9/2009 - See more: Trojan.Win32.Inject.akdr
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[34] File: load(4).exe is infected with: [Trojan.Win32.Scar.abqf]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:45 PM - 10/9/2009 - See more: Trojan.Win32.Scar.abqf
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[35] File: ms32clod.dll is infected with: [Trojan-Spy.Win32.Agent.bbas]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:45 PM - 10/9/2009 - See more: Trojan-Spy.Win32.Agent.bbas
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[36] File: n-bss.exe is infected with: [Trojan-Spy.Win32.Shiz.l]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:46 PM - 10/9/2009 - See more: Trojan-Spy.Win32.Shiz.l
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[37] File: n-bss1.exe is infected with: [Trojan-Dropper.Win32.Agent.bfth]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:46 PM - 10/9/2009 - See more: Trojan-Dropper.Win32.Agent.bfth
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[38] File: Resume.exe is infected with: [Trojan-Spy.ZBot.acek]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:47 PM - 10/9/2009 - See more: Trojan-Spy.ZBot.acek
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[39] File: rndl64a.exe is infected with: [Trojan-Spy.W32.rndl64a]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:48 PM - 10/9/2009 - See more: Trojan-Spy.W32.rndl64a
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[40] File: sdra64.exe is infected with: [Trojan-Spy.Win32.Zbot.acvr]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:49 PM - 10/9/2009 - See more: Trojan-Spy.Win32.Zbot.acvr
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[41] File: serial.exe is infected with: [Trojan.Win32.Hrup.et]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:50 PM - 10/9/2009 - See more: Trojan.Win32.Hrup.et
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[42] File: setup(2).exe is infected with: [Trojan.Win32.InternetAntivirus.a]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:50 PM - 10/9/2009 - See more: Trojan.Win32.InternetAntivirus.a
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[43] File: setup(5).exe is infected with: [Trojan.Win32.FakeSmoke.b]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:52 PM - 10/9/2009 - See more: Trojan.Win32.FakeSmoke.b
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[44] File: setup(6).exe is infected with: [Trojan.Win32.FakeSmoke.b]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:53 PM - 10/9/2009 - See more: Trojan.Win32.FakeSmoke.b
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[45] File: setup(7).exe is infected with: [Trojan-Downloader.Win32.FraudLoad.fvu]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:56 PM - 10/9/2009 - See more: Trojan-Downloader.Win32.FraudLoad.fvu
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[46] File: setup(8).exe is infected with: [Trojan-Downloader.NSIS.FraudLoad.w.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:57 PM - 10/9/2009 - See more: Trojan-Downloader.NSIS.FraudLoad.w.exe
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[47] File: setup1(2).exe is infected with: [Trojan-Downloader.NSIS.FraudLoad.w.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:52:59 PM - 10/9/2009 - See more: Trojan-Downloader.NSIS.FraudLoad.w.exe
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[48] File: setup1.48.exe is infected with: [Worm.Win32.AutoRun.angr.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:00 PM - 10/9/2009 - See more: Worm.Win32.AutoRun.angr.exe
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[49] File: setup1.exe is infected with: [Trojan-Downloader.Win32.Genome.owe.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:02 PM - 10/9/2009 - See more: Trojan-Downloader.Win32.Genome.owe.exe
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[50] File: setup3.exe is infected with: [Trojan-Downloader.NSIS.FraudLoad.w.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:05 PM - 10/9/2009 - See more: Trojan-Downloader.NSIS.FraudLoad.w.exe
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[51] File: Soft_111.exe is infected with: [Trojan.Win32.FraudPack.vdv]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:06 PM - 10/9/2009 - See more: Trojan.Win32.FraudPack.vdv
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[52] File: Soft_116.exe is infected with: [Trojan.Win32.FakeXP.b]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:08 PM - 10/9/2009 - See more: Trojan.Win32.FakeXP.b
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[53] File: Soft_75s15.exe is infected with: [Trojan.Win32.FakeXP.a]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:10 PM - 10/9/2009 - See more: Trojan.Win32.FakeXP.a
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[54] File: Soft_99s2(2).exe is infected with: [Trojan.Win32.FakeXP.b]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:11 PM - 10/9/2009 - See more: Trojan.Win32.FakeXP.b
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[55] File: SvchostFixWizard.exe is infected with: [Trojan.Win32.SvchostFix]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:12 PM - 10/9/2009 - See more: Trojan.Win32.SvchostFix
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[56] File: us4.exe is infected with: [Trojan-Spy.Win32.Zbot.acvq]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:13 PM - 10/9/2009 - See more: Trojan-Spy.Win32.Zbot.acvq
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[57] File: winbox.exe is infected with: [HackTool.Win32.winbox]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:14 PM - 10/9/2009 - See more: HackTool.Win32.winbox
--------------------------------------------------------------------------------

Location: ------------+++ by [SS ENGINE module]
OBJ[58] File: wrar390pl.exe is infected with: [Trojan.Win32.Delf.pcw.exe]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:14 PM - 10/9/2009 - See more: Trojan.Win32.Delf.pcw.exe
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[59] File: y4i.dll is infected with: [Trojan-Downloader.Win32.Agent.ctqu]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:15 PM - 10/9/2009 - See more: Trojan-Downloader.Win32.Agent.ctqu
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[60] File: zeus.exe is infected with: [Backdoor.Win32.IRCBot.mmv]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:16 PM - 10/9/2009 - See more: Backdoor.Win32.IRCBot.mmv
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[61] File: zgsb.exe is infected with: [Trojan-Spy.Zbot.zgsb]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:16 PM - 10/9/2009 - See more: Trojan-Spy.Zbot.zgsb
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[62] File: zzz974.exe is infected with: [Trojan-PSW.Win32.Agent.nrl]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:16 PM - 10/9/2009 - See more: Trojan-PSW.Win32.Agent.nrl
--------------------------------------------------------------------------------

Location: +++------------ by [SS ENGINE module]
OBJ[63] File: zzz978.exe is infected with: [Trojan-PSW.Win32.Kheagol.b]
path: C:\Documents and Settings\Mobius\Desktop\325472601571f31e1bf00674c368d335\3254\
in: 4:53:17 PM - 10/9/2009 - See more: Trojan-PSW.Win32.Kheagol.b




--------------------
Paul Gagniuc - Novus Ordo Lab.
MobiusScutAntiVi...
Post 08.11.2009, 16:07
Post #59

Been here before

Group: Members
Posts: 48
Member since: 04.11.2009
Member no.: 7.821

Operating system: Windows XP
Virus scanner: Scut AntiVirus
Firewall: Scut Firewall



In that archive, from a total of 75 files, only 63 were infected, that being 12 true clean files.


--------------------
Paul Gagniuc - Novus Ordo Lab.
MobiusScutAntiVi...
Post 08.11.2009, 17:44
Post #60

Been here before

Group: Members
Posts: 48
Member since: 04.11.2009
Member no.: 7.821

Operating system: Windows XP
Virus scanner: Scut AntiVirus
Firewall: Scut Firewall



This is Novus Ordo communique for Nod32 malicious result for Scut files, and what was being sent in ESET mails:

quote:

"Scut AntiVirus is not a virus or a threat, is a real antivirus.
We have assembled a team of people, as witness to Nod32 malicious result.
You have 48 hours to remove the signature of so-called by you: Win32/ScutAV.
After 48 hours we are suing ESET company through our lawyers, and we will go to mass-media.

Meet Novus Ordo lab. : http://www.novusordo.ro/index.php?meniu=team
Meet Novus Ordo ltd. : http://www.novusordo.ro/index.php?meniu=ano"

Evil intention is a despicable way for ESET to maintain sales!



--------------------
Paul Gagniuc - Novus Ordo Lab.