www.MegaLab.it

da **Pulcepiccola** » ven ago 05, 2011 8:29 am

Carissimi,

volevo chiedervi, gentilmente , un parere sulla seguente questione:

Ho utilizzato una applicazione basata sul web per convertire un file .swf (flash) in un file eseguibile. exe per poterlo leggere senza utilizzare il browser Firefox, il sito è: http://www.swf-to-exe.com.

( lo conoscete questo sito? è affidabile?).

Ho ottenuto questo file ( vi posto il link: http://www.mediafire.com/file/c28awip8k ... roller.exe).

Per maggiore sicurezza ho preferito inviarlo a Virus Total ottenendo la segnalazione della presenza di Virus ( anche se solo 2 Antivirus segnalano malware, come si evince dal rapporto allegato: http://www.virustotal.com/file-scan/rep ... 1312467223 )

A questo punto ho preso la decisione, confidando che si trattasse di falsi positivi, di eseguire comunque sul mio PC il file avira_andy_config_controller.exe ( contiene una guida postata, gentilmente, da Hashcat in cui si spiega come settare Avira free, sai volevo leggerla offline)generato dal sito suddetto, per vedere se il servizio offerto era anche funzionante.

A parte la considerazione che lanciando l'eseguibile non si visualizza alcunchè, adesso la mia preoccupazione è se sono stato imprudente nell'eseguire un file per il quale vi erano avvisaglie di "contaminazione".

Che altre indagini si possono fare per assicurarsi della genuinità del file?

Comunque per scrupolo ho fatto una scansione del PC con il Live CD Avira AntiVir Rescue System.

Dal report che allego:

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.6.22
VDF Version: 7.11.12.200
Scan start time: Thu Aug 4 15:39:57 2011
configuration file: /etc/avira/scancl.conf
WARNING: [Unexpected end of file] /media/Devices/hda1/COPIA CRI 08/Copia silv 08/Silvana/medic interna/collotiroide.zip

WARNING: [Unexpected end of file] /media/Devices/hda1/COPIA CRI 08/Cristina/Fuzzy/Programmi/Programma VB Fuzzy/mrnFuzzyDecision.zip

WARNING: [Unexpected end of file] /media/Devices/hda1/COPIA CRI 08/Cristina/Fuzzy/Programmi/Programma VB Fuzzy/mrnFuzzyEngine.zip

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ie_s1.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IE_1.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ie_s2.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IE_2.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ie_s3.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IE_3.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ie_s4.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IE_4.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ient_s1.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IENT_1.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ient_s2.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IENT_2.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ient_s3.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IENT_3.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ient_s4.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IENT_4.CAB

WARNING: [The files in archive are multiple volume] /media/Devices/hda1/COPIA CRI 08/LabView/LabVIEW/m50.cab -->

Ient_s5.cab.B7D6D710_1561_481D_95A8_6A41D08E3CD3 -->

IENT_5.CAB

WARNING: [Unexpected end of file] /media/Devices/hda1/Documents and Settings/All Users/Dati applicazioni/Skype/Plugins/Local Cache/DDEB1C5957CB432E8BA823B6D3B25E0D.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/1slax.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/1slax.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax-6.1.2.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax-6.1.2.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/slaxult.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Distro Linux/Slax/slaxult.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Bad compressed data] /media/Devices/hda1/Documents and Settings/All Users/Documenti/1.Sicurezza PC/Firewall pwer W98/rfw_en_10.exe

WARNING: [Bad compressed data] /media/Devices/hda1/Documents and Settings/All Users/Documenti/rfw_en_10.exe

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Desktop/SILVANA/CD INSTALLAZIONE VISTA/rosa/SoftwareMedia (E)/BASW-00601A/Apps/MSC/msclgmis.cab -->

screm.ui

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Desktop/SILVANA/CD INSTALLAZIONE VISTA/rosa/SoftwareMedia (E)/BASW-00700A/Apps/MSC/msclgmis.cab -->

screm.ui

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Desktop/SILVANA/CD INSTALLAZIONE VISTA/rosa/SoftwareMedia (E)/BASW-00514A/Apps/MSC/msclgmis.cab -->

screm.ui

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Desktop/SILVANA/CD INSTALLAZIONE VISTA/rosa/SoftwareMedia (E)/BASW-00597A/Apps/MSC/msclgmis.cab -->

screm.ui

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Desktop/SILVANA/CD INSTALLAZIONE VISTA/rosa/SoftwareMedia (E)/BASW-00598A/Apps/MSC/msclgmis.cab -->

screm.ui

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Desktop/SILVANA/CD INSTALLAZIONE VISTA/rosa/SoftwareMedia (E)/BASW-00599A/Apps/MSC/msclgmis.cab -->

screm.ui

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Desktop/SILVANA/CD INSTALLAZIONE VISTA/rosa/SoftwareMedia (E)/BASW-00600A/Apps/MSC/msclgmis.cab -->

screm.ui

WARNING: [Unexpected end of file] /media/Devices/hda1/Documents and Settings/Utente/Documenti/Cristina/Fuzzy/Programmi/Programma VB Fuzzy/mrnFuzzyDecision.zip

WARNING: [Unexpected end of file] /media/Devices/hda1/Documents and Settings/Utente/Documenti/Cristina/Fuzzy/Programmi/Programma VB Fuzzy/mrnFuzzyEngine.zip

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Documenti/Software/TIS3264IT_eval.exe -->

Tools/32bit/SICTOOL/SICBASE.DAT

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/Utente/Documenti/Software/TIS3264IT_eval.exe -->

Tools/64bit/SICTOOL/SICBASE.DAT

WARNING: [Unexpected end of file] /media/Devices/hda1/Documents and Settings/Utente/Impostazioni locali/Temp/dwkhmiy8.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/1slax.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/1slax.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/Con Firefox 3.6.13_Flash 10.1r85_Jre 6u22slax.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/Con Firefox 3.6.13_Flash 10.1r85_Jre 6u22slax.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax-6.1.2.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax-6.1.2.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/slax.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/slaxult.iso -->

slax/slaxsave.zip -->

save1024.zip

WARNING: [An abort was triggered by the progress callback] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Distro Linux/Slax/slaxult.iso/slax/slaxsave.zip/save1024.zip

WARNING: [Bad compressed data] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/1.Sicurezza PC/Firewall pwer W98/rfw_en_10.exe

WARNING: [File is encrypted] /media/Devices/hda1/Documents and Settings/utente skype/Documenti/Desktop al 2.04.11/Disinstallare Avast e Trend Micro/32bit.exe -->

32bit\SICTOOL\SICBASE.DAT

WARNING: [Unexpected end of file] /media/Devices/hda1/Documents and Settings/utente skype/Impostazioni locali/Temporary Internet Files/Content.IE5/KFR7E0XP/reginadellapace[1].zip

WARNING: [Bad compressed data] /media/Devices/hda1/Programmi/Trend Micro/Internet Security/TmpxTmp/htt6C.tmp

WARNING: [Bad archive header] /media/Devices/hda1/RECYCLER/S-1-5-21-527237240-1958367476-725345543-1003/Dc120.part

WARNING: [Unexpected end of file] /media/Devices/hda1/WINDOWS/system32/Macromed/Flash/uninstall_activeX.exe

WARNING: [Unexpected end of file] /media/Devices/hda1/WINDOWS/system32/Macromed/Flash/uninstall_plugin.exe

Statistics :
Directories............... : 12334
Archives.................. : 3082
Files..................... : 620409
Infected.............. : 0
Warnings.............. : 52
Suspicious............ : 0
Infections................ : 0

il PC sembra pulito anche se ci sono molti Warnings ma soprattutto alcuni mi sembrano sospetti ( li riepilogo:

WARNING: [Bad compressed data] /media/Devices/hda1/Programmi/Trend Micro/Internet Security/TmpxTmp/htt6C.tmp

WARNING: [Bad archive header] /media/Devices/hda1/RECYCLER/S-1-5-21-527237240-1958367476-725345543-1003/Dc120.part

WARNING: [Unexpected end of file] /media/Devices/hda1/WINDOWS/system32/Macromed/Flash/uninstall_activeX.exe

WARNING: [Unexpected end of file] /media/Devices/hda1/WINDOWS/system32/Macromed/Flash/uninstall_plugin.exe

Che significa "Unexpected end of file"? Cosa ne pensate?

E' conveniente fare ulteriori accertamenti per capire se il PC è pulito ( e se si, cosa mi consigliate?) oppure non è necessario?

Grazie mille e buone vacanze a tutti

[ciao]

Pp

da **crazy.cat** » ven ago 05, 2011 8:52 am

Pulcepiccola ha scritto:( lo conoscete questo sito? è affidabile?).

Non lo conosco il sito, ma conosco questo programma http://www.MegaLab.it/3311/swf-to-exe

( anche se solo 2 Antivirus segnalano malware

Non sono certo tra gli antivirus più famosi, quindi li ignorerei.

A parte la considerazione che lanciando l'eseguibile non si visualizza alcunchè

Forse la conversione non è riuscita bene, prova il programma che ti indicato.

WARNING: [Bad compressed data] /media/Devices/hda1/Programmi/Trend Micro/Internet Security/TmpxTmp/htt6C.tmp

questo usa un tipo di compressione che avira non gradisce, è legato al tuo antivirus

WARNING: [Bad archive header] /media/Devices/hda1/RECYCLER/S-1-5-21-527237240-1958367476-725345543-1003/Dc120.part

E' nel cestino, svuotalo.

Che significa "Unexpected end of file"?

Direi che avira cercava un punto come chiusura del file ed invece ha trovato una virgola. (o qualcosa di simile)

Direi che non ci sono infezioni, proprio per scrupolo fai analizzare i due "Unexpected end of file" ma non dovrebbe esserci niente.

da **Pulcepiccola** » ven ago 05, 2011 9:52 am

Crazy.cat,

grazie mille

un caro saluto

Pp

www.MegaLab.it

Analisi genuinità file

Analisi genuinità file

Re: Analisi genuinità file

Re: Analisi genuinità file

Chi c’è in linea