Views: 2373 | Replies: 16

[Virus sample] [MD5: 472036 6ED94F 5FC6DC 911C43 EC16BF 6A7679 BF514D]
qianwenxiang
Posted on 2007-8-16 14:13:07
[MD5: 472036 6ED94F 5FC6DC 911C43 EC16BF 6A7679 BF514D]
woai_jolin
Posted on 2007-8-16 14:13:56
===================================================================================================
NVCOD On Demand Scanner 5.80.02

NSE revision 5.91.04
nvcbin.def revision 5.90.00 of 2007/08/15 19:07:26 (829574 variants)
nvcmacro.def revision 5.90.00 of 2007/08/06 19:46:49 (20358 variants)
Total number of variants: 849932
Command line: "@C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~OD9B.tmp"
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------
- Scanning files in the directory: F:\v\v1\
     1578 ms F:\v\v1\Calc_Repair.exe                                    
        0 ms F:\v\v1\Calc_Repair.exe:Zone.Identifier                     
        0 ms F:\v\v1\CelInDriver.sys                                    
        0 ms F:\v\v1\CelInDriver.sys:Zone.Identifier                     
       16 ms F:\v\v1\CelInDriver.sysk                                    
        0 ms F:\v\v1\CelInDriver.sysk:Zone.Identifier                    
       16 ms F:\v\v1\isignup.dll                                          Trojan W32/Malware.UMI ()
        0 ms F:\v\v1\isignup.dll:Zone.Identifier                        
       15 ms F:\v\v1\isignup.sys                                          Trojan W32/Wow.BDL ()
        0 ms F:\v\v1\isignup.sys:Zone.Identifier                        
       16 ms F:\v\v1\wdfmgr32.exe                                         Trojan W32/DLoader.CZZO ()
        0 ms F:\v\v1\wdfmgr32.exe:Zone.Identifier                        
       15 ms F:\v\v1\windds32.dll                                       
        0 ms F:\v\v1\windds32.dll:Zone.Identifier                        
- File F:\v\v1\isignup.dll quarantined.
- File F:\v\v1\isignup.dll deleted.
- File F:\v\v1\isignup.sys quarantined.
- File F:\v\v1\isignup.sys deleted.
- File F:\v\v1\wdfmgr32.exe quarantined.
- File F:\v\v1\wdfmgr32.exe deleted.

===================================================================================================

The scanning started: 2007/08/16 14:13:47
               ended: 2007/08/16 14:13:49
Logged on as        : Administrator
on hostname         : 2FF87FC2B9AB46F

Scanning results:
   Total number of files found..............................:      14
   Number of files scanned..................................:      14
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       0
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:       3

Copyright (c) 1993-2005 Norman ASA.
红心王子
Posted on 2007-8-16 14:17:44
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.PSW.QQPass.tlc   
病毒: Trojan.PSW.QQPass.tlc   
病毒: RootKit.Win32.Cell.h     
病毒: Trojan.DL.Win32.Agent.wwf
yurius
Posted on 2007-8-16 14:27:01
deleted: Trojan program Trojan-PSW.Win32.WOW.qz        File: C:\virus\081602.rar/isignup.dll//UPX
deleted: Trojan program Trojan-PSW.Win32.WOW.qz        File: C:\virus\081602.rar/isignup.sys
not found: virus Email-Worm.Win32.generic (modification)        File: C:\virus\081602.rar/Calc_Repair.exe//#
deleted: Trojan program Trojan-Proxy.Win32.Small.du        File: C:\virus\081602.rar/CelInDriver.sys//PE_Patch.Stolen
deleted: Trojan program Trojan-Downloader.Win32.Cryptic.gen        File: C:\virus\081602.rar/wdfmgr32.exe
欠妳緈諨
Posted on 2007-8-16 14:53:59
AVAST: 5 detected
kasper
Posted on 2007-8-16 14:54:55
BD

C:\Documents and Settings\同同\桌面\081602.rar=>isignup.dll        Infected: Trojan.PWS.WOW.QZ
C:\Documents and Settings\同同\桌面\081602.rar=>isignup.dll        Deleted
C:\Documents and Settings\同同\桌面\081602.rar        Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\同同\桌面\081602.rar=>isignup.sys        Infected: Trojan.PWS.WOW.QZ
C:\Documents and Settings\同同\桌面\081602.rar=>isignup.sys        Deleted
C:\Documents and Settings\同同\桌面\081602.rar        Archive repacking has failed (marked actions not taken)
C:\Documents and Settings\同同\桌面\081602.rar=>CelInDriver.sys        Infected: Trojan.Havedo.Z
C:\Documents and Settings\同同\桌面\081602.rar=>CelInDriver.sys        Disinfection failed
C:\Documents and Settings\同同\桌面\081602.rar=>CelInDriver.sys        Move failed
C:\Documents and Settings\同同\桌面\081602.rar=>wdfmgr32.exe        Infected: MemScan:Trojan.Downloader.VB.WN
C:\Documents and Settings\同同\桌面\081602.rar=>wdfmgr32.exe        Disinfection failed
C:\Documents and Settings\同同\桌面\081602.rar=>wdfmgr32.exe        Move failed


驱逐舰 reports three trojans~~~~~
The EQs
Posted on 2007-8-16 14:56:11
Scan performed at: 2007-8-16 14:55:35
Scanning Log
NOD32 version 2465 (20070816) NT
Command line: C:\Documents and Settings\EQ2\桌面\081602.rar
Operating memory - is OK

Date: 16.8.2007  Time: 14:55:42
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\081602.rar
C:\Documents and Settings\EQ2\桌面\081602.rar ?RAR ?isignup.dll - probably a variant of Win32/PSW.QQShou trojan
C:\Documents and Settings\EQ2\桌面\081602.rar ?RAR ?isignup.sys - probably a variant of Win32/PSW.QQShou trojan
C:\Documents and Settings\EQ2\桌面\081602.rar ?RAR ?wdfmgr32.exe - a variant of Win32/TrojanDownloader.VB.APY trojan
C:\Documents and Settings\EQ2\桌面\081602.rar ?RAR ?windds32.dll - a variant of Win32/Agent.NIK trojan
Number of scanned files: 8
Number of threats found: 4
Number of files cleaned: 1
Time of completion: 14:55:43 Total scanning time: 1 sec (00:00:01)
taihuxian
Posted on 2007-8-16 15:00:19
Result: 4 malware found
Trojan-PSW.Win32.WOW.qz (virus)
C:\Documents and Settings\Administrator\桌面\081602.rar\isignup.dll
C:\Documents and Settings\Administrator\桌面\081602.rar\isignup.sys
Trojan-Proxy.Win32.Small.du (virus)
C:\Documents and Settings\Administrator\桌面\081602.rar\CelInDriver.sys
Trojan-Downloader.Win32.Cryptic.gen (virus)
C:\Documents and Settings\Administrator\桌面\081602.rar\wdfmgr32.exe
碧水寒潭
Posted on 2007-8-16 15:29:50
Start of the scan: 2007年8月16日  15:29

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\081602.rar
  [0] Archive type: RAR
  --> isignup.dll
      [DETECTION] Is the Trojan horse TR/PSW.52403
  --> isignup.sys
      [DETECTION] Is the Trojan horse TR/PSW.52403
  --> CelInDriver.sys
      [DETECTION] Is the Trojan horse TR/Proxy.Small.DU.1048
  --> wdfmgr32.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> windds32.dll
      [DETECTION] Is the Trojan horse TR/Agent.22016.B
      [INFO]      The file was deleted!


End of the scan: 2007年8月16日  15:29
Used time: 00:13 min

The scan has been done completely.

      1 Scanning directories
      8 Files were scanned
      5 viruses and/or unwanted programs were found
      0 classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
yurius
Posted on 2007-8-16 15:43:23
C:\virus\081602\isignup.dll - infected with Trojan.PWS.Gamania.2870
C:\virus\081602\isignup.sys - infected with Trojan.PWS.Qqpass.1156
C:\virus\081602\CelInDriver.sys - infected with Trojan.Havedo
C:\virus\081602\wdfmgr32.exe - infected with Trojan.DownLoader.15732