【md5内详】25

xxwpk007

用AntiVirusKit扫描病毒
版本 16.0.7
病毒库签名 2007-8-13
开始时间: 2007-8-14 19:07
引擎: KAV 引擎 (AVK 17.6833), BD  引擎 (BD 17.4714)
启发式: 打开
压缩文件: 打开
系统区域: 打开

扫描系统区域...
扫描所选择的目录和文件...
对象: WinSys64.Sys
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Generic.PWStealer.7D19CFCE (BD  引擎)
对象: yy.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Generic.Malware.SBdld.470A7052 (BD  引擎)
对象: SysWin64.Jmp
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Generic.PWStealer.F29BBF68 (BD  引擎)
对象: jopen13.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Generic.PWStealer.F29BBF68 (BD  引擎)
对象: 630.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Trojan-Downloader.Win32.Agent.bpp (KAV 引擎), Trojan.Autorun.BQ (BD  引擎)
对象: mydpri.dll
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Trojan.Downloader.Agent.YJA (BD  引擎)
对象: wddpri.dll
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.F97DB041 (BD  引擎)
对象: dhdpri.dll
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Trojan.Downloader.Agent.YJA (BD  引擎)
对象: jopen10.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Generic.PWS.Games.2.B3876854 (BD  引擎)
对象: 1.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Virus.Win32.Drowor.d (KAV 引擎)
对象: jopen6.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: BehavesLike:Win32.ExplorerHijack (BD  引擎)
对象: jopen1.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Trojan-Spy.Win32.Delf.uv (KAV 引擎), DeepScan:Generic.Dld.Agent.8331DB85 (BD  引擎)
对象: jopen3.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.98A9E5E1 (BD  引擎)
对象: jopen12.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: DeepScan:Generic.Dld.Agent.BF55E9E9 (BD  引擎)
对象: jopen11.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Trojan-PSW.Win32.OnLineGames.aci (KAV 引擎), BehavesLike:Win32.ExplorerHijack (BD  引擎)
对象: www.exe
        路径: G:\样本\25
        Status: 已发现病毒
        病毒: Worm.Win32.Viking.lu (KAV 引擎), Win32.Worm.Viking.IZ (BD  引擎)
分析完毕: 2007-8-14 19:07
    已检查 25 个文件
    已发现 16 个染毒文件
    发现 0 个可疑文件

hkt988

Product: BitDefender 9 Professional Plus
//        Version: 9.5
//
//        创建在:        14/08/2007        14:44:26
//
//-----------------------------------------------------------------


病毒统计

扫描路径        : D:\下载文件夹\25.rar
文件夹        : 0
文件        :  37
存档        : 3
被压缩的文件        : 1
被识别的病毒        : 13
被感染文件        : 17
警告        : 0

yurius

[Scan path] C:\virus\25.rar
>C:\virus\25.rar\WinSys64.Sys infected with Win32.HLLW.Autoruner.378
>>C:\virus\25.rar\yy.exe infected with modification of BackDoor.Generic.1024
>>>C:\virus\25.rar\SysWin64.Jmp infected with Win32.HLLW.Autoruner.378
>>>>C:\virus\25.rar\jopen13.exe infected with Win32.HLLW.Autoruner.378
>>>>C:\virus\25.rar\630.exe infected with Trojan.PWS.Maran
>>>>C:\virus\25.rar\mydpri.dll - Ok
>>>>C:\virus\25.rar\wddpri.dll - Ok
>>>>C:\virus\25.rar\dhdpri.dll infected with Trojan.PWS.Wsgame.1089
>>>>C:\virus\25.rar\qq.exe infected with Trojan.Sniff
>>>>>C:\virus\25.rar\jopen10.exe infected with Trojan.PWS.Wsgame
>>>>>>C:\virus\25.rar\1.exe infected with Win32.HLLW.Wace.8
>>>>>>>C:\virus\25.rar\jopen6.exe probably infected with BACKDOOR.Trojan
>>>>>>>>C:\virus\25.rar\jopen1.exe infected with Trojan.PWS.Wsgame.1093
>>>>>>>>>C:\virus\25.rar\jopen8.exe probably infected with BACKDOOR.Trojan
>>>>>>>>>>C:\virus\25.rar\jopen9.exe infected with Trojan.PWS.Wsgame.1086
>>>>>>>>>>>C:\virus\25.rar\jopen3.exe infected with Trojan.PWS.Wsgame.1089
>>>>>>>>>>>>>C:\virus\25.rar\jopen12.exe - Ok
>>>>>>>>>>>>>>C:\virus\25.rar\jopen11.exe infected with Trojan.PWS.Gamania.3298
>>>>>>>>>>>>>>>C:\virus\25.rar\jopen2.exe infected with Trojan.PWS.Wsgame.1081
>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen4.exe infected with Trojan.MulDrop.8306
>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen.vbs infected with Trojan.AVKill.302
>>>>>>>>>>>>>>>>C:\virus\25.rar\1.bat - Ok
>>>>>>>>>>>>>>>>C:\virus\25.rar\run.bat infected with Trojan.Starter.239
>>>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen15.exe\qq.exe infected with Trojan.Sniff
>>>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen15.exe\run.bat infected with Trojan.Starter.239
>>>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen15.exe\WanPacket.dll - Ok
>>>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen15.exe\wpcap.dll - Ok
>>>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen15.exe\jopen.vbs infected with Trojan.AVKill.302
>>>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen15.exe\npf.sys - Ok
>>>>>>>>>>>>>>>>>>C:\virus\25.rar\jopen15.exe\Packet.dll - Ok
>C:\virus\25.rar\jopen15.exe - archive contains infected objects
>C:\virus\25.rar\www.exe infected with Win32.HLLW.Gavir.72
C:\virus\25.rar - archive contains infected objects
C:\virus\25.rar:Zone.Identifier - Ok

碧水寒潭

Start of the scan: 2007年8月14日  23:20

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\1228.rar
  [0] Archive type: RAR
  --> WinSys64.Sys
      [DETECTION] Is the Trojan horse TR/PSW.Agent.MI.8
  --> yy.exe
      [DETECTION] Is the Trojan horse TR/Agent.33143
  --> SysWin64.Jmp
      [DETECTION] Is the Trojan horse TR/PSW.Agent.MI.8
  --> jopen13.exe
      [DETECTION] Is the Trojan horse TR/PSW.Agent.MI.8
  --> 630.exe
      [DETECTION] Is the Trojan horse TR/Agent.28829
  --> mydpri.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.20024
  --> wddpri.dll
      [DETECTION] Is the Trojan horse TR/Agent.16384.40
  --> dhdpri.dll
      [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.65
  --> qq.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> jopen10.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Zhidao
  --> jopen6.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.1
  --> jopen1.exe
      [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.49
  --> jopen8.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineG.MI.2
  --> jopen9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGames.aet.7
  --> jopen3.exe
      [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.62
  --> jopen12.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.10951
  --> jopen11.exe
      [DETECTION] Is the Trojan horse TR/PSW.6340
  --> jopen2.exe
      [DETECTION] Is the Trojan horse TR/Drop.Faemon
  --> jopen4.exe
      [DETECTION] Is the Trojan horse TR/Agent.5127
  --> 1.bat
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
  --> jopen15.exe
      [DETECTION] Contains signature of the dropper DR/Agent.bhb
      [1] Archive type: RAR SFX (self extracting)
      --> qq.exe
          [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> www.exe
      [DETECTION] Is the Trojan horse TR/PSW.Delf.AF.2
      [INFO]      The file was deleted!


End of the scan: 2007年8月14日  23:21
Used time: 00:15 min

The scan has been done completely.

      1 Scanning directories
     33 Files were scanned
     24 viruses and/or unwanted programs were found
      1 classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      8 Files not concerned
      2 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found