
[Virus samples] [MD5 details inside] 16 samples

碧水寒潭
Posted on 2007-8-17 09:34:29
Start of the scan: 2007年8月17日  09:33

Starting the file scan:

Begin scan in 'H:\AV-TEST'
H:\AV-TEST\16.rar
  [0] Archive type: RAR
  --> runtime.sys
      [DETECTION] Is the Trojan horse TR/Pushu.B
  --> loadadv591.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> ip6fw.sys
      [DETECTION] Contains signature of the rootkit RKIT/Agent.DQ.31.A
  --> svchost.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
  --> hoed.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.YTP.2 Backdoor server programs
  --> downloader.exe
      [DETECTION] Contains signature of the worm WORM/Zhelatin.Gen
  --> 5.dllb
      [DETECTION] Contains signature of the worm WORM/Zhelatin.Gen
  --> win32.exe
      [DETECTION] Contains signature of the worm WORM/Zhelatin.Gen
  --> 2838371.exe
      [DETECTION] Is the Trojan horse TR/Agent.ady.117
  --> loader.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.boy.8
  --> xar5043v7.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
  --> clean_289993.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bqr.1
  --> de.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Agent.bqr.1
  --> runtime2.sys
      [DETECTION] Contains signature of the rootkit RKIT/Posh.A
  --> ntos.exe
      [DETECTION] Is the Trojan horse TR/Spy.Bancos.aco.2
  --> L50.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was deleted!


End of the scan: 2007年8月17日  09:34
Used time: 00:14 min

The scan has been done completely.

      1 Scanning directories
     17 Files were scanned
     16 viruses and/or unwanted programs were found
      0 classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes
      0 Hidden objects were found
yurius
Posted on 2007-8-17 09:55:39
Scan performed at: 2007-8-17 9:53:56
Scanning Log
NOD32 version 2467 (20070816) NT
Command line: C:\virus\16.rar
C:\Program Files\Eset\nod32.exe - is OK
MBR sector of the 1. physical disk - is OK
Active boot sector of the 1. physical disk - is OK

Date: 17.8.2007  Time: 09:53:58
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\virus\16.rar
C:\virus\16.rar ?RAR ?runtime.sys - probably a variant of Win32/Rootkit trojan
C:\virus\16.rar ?RAR ?loadadv591.exe - a variant of Win32/TrojanDownloader.Small.NUS trojan
C:\virus\16.rar ?RAR ?ip6fw.sys - a variant of Win32/Rootkit.Agent.DP trojan
C:\virus\16.rar ?RAR ?svchost.exe - probably a variant of Win32/TrojanDownloader.Small.AMB trojan
C:\virus\16.rar ?RAR ?hoed.exe - is OK
C:\virus\16.rar ?RAR ?downloader.exe - probably a variant of Win32/Obfuscated trojan
C:\virus\16.rar ?RAR ?5.dllb - a variant of Win32/TrojanDownloader.Small.AWA trojan
C:\virus\16.rar ?RAR ?win32.exe - Win32/Nuwar.Gen worm
C:\virus\16.rar ?RAR ?2838371.exe - Win32/Wigon.Z trojan
C:\virus\16.rar ?RAR ?loader.exe - Win32/TrojanDownloader.Agent.BOY trojan
C:\virus\16.rar ?RAR ?xar5043v7.exe - probably unknown NewHeur_PE virus [7]
C:\virus\16.rar ?RAR ?clean_289993.dll - Win32/PSW.Sinowal.Gen trojan
C:\virus\16.rar ?RAR ?de.exe - Win32/PSW.Sinowal.Gen trojan
C:\virus\16.rar ?RAR ?runtime2.sys - a variant of Win32/Rootkit.Agent.EY trojan
C:\virus\16.rar ?RAR ?ntos.exe - Win32/Spy.Agent.NDL trojan
C:\virus\16.rar ?RAR ?L50.exe - probably a variant of Win32/Agent trojan
C:\virus\16.rar:Zone.Identifier - is OK
Number of scanned files: 17
Number of threats found: 15
Time of completion: 09:54:02 Total scanning time: 4 sec (00:00:04)

Notes:
[7] File is probably infected with an unknown virus.
taihuxian
Posted on 2007-8-17 10:19:37
Result: 14 malware found
Rootkit.Win32.Agent.dw (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\runtime.sys
Trojan-Downloader.Win32.LoadAdv.gen (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\loadadv591.exe
Rootkit.Win32.Agent.dp (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\ip6fw.sys
Trojan-Downloader.Win32.Small.cib (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\hoed.exe
Packed.Win32.Tibs.ab (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\downloader.exe
Email-Worm.Win32.Zhelatin.gv (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\win32.exe
Trojan.Win32.Agent.ady (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\2838371.exe
Trojan-Downloader.Win32.Agent.boy (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\loader.exe
Trojan-Downloader.Win32.Alphabet.gen (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\xar5043v7.exe
Trojan-Downloader.Win32.Agent.bqr (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\clean_289993.dll
C:\Documents and Settings\Administrator\桌面\16.rar\de.exe
Rootkit.Win32.Agent.ey (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\runtime2.sys
Trojan-Spy.Win32.Bancos.aco (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\ntos.exe
Trojan.Win32.Agent.aqw (virus)
C:\Documents and Settings\Administrator\桌面\16.rar\L50.exe
uhthn2002
Posted on 2007-8-17 11:15:57

C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\runtime.sys : infected Rootkit.Win32.Agent.dw
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\loadadv591.exe : infected Trojan.DownLoader.22411
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\ip6fw.sys : infected BackDoor.Bulknet
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\svchost.exe : infected Trojan.DownLoader.4995
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\hoed.exe : infected Trojan-Downloader.Win32.Small.cib
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\downloader.exe : infected Trojan.Packed.142
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\5.dllb : infected MalwareScope.Worm.Nuwar-Glowa.1
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\win32.exe : infected Email-Worm.Win32.Zhelatin.gv
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\2838371.exe : infected Trojan.Win32.Wigon.Z
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\loader.exe : infected Trojan-Downloader.Win32.Agent.boy
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\xar5043v7.exe : infected Trojan-Downloader.Win32.Alphabet.gen
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\clean_289993.dll : infected Trojan.Win32.PSW.Sinowal.Gen
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\de.exe : infected Trojan-Downloader.Win32.Agent.bqr
C:\Documents and Settings\uhthn\Desktop\16.rar:<RAR>\L50.exe : infected Trojan.Win32.Agent.aqw


Directories       : 0       Files in archives:      Files on disks:
Archives:                   - total       : 16      - total       : 1     
- scanned         : 1       -  scanned    : 16      - scanned     : 1     
- contain viruses : 1       -  infected   : 14      - infected    : 1     
- deleted         : 0       -  suspicious : 0       - suspicious  : 0
欠妳緈諨
Posted on 2007-8-17 12:07:06
13 of them

红心王子
Posted on 2007-8-17 12:15:42
江民杀毒软件报告文件

        北京江民新科技术有限公司

        扫描引擎 11.00.700
        病毒库日期 2007-08-16
        更新日期 2007-08-17

扫描目标 C:\Documents and Settings\Administrator\桌面\新建文件夹\

开始时间 2007-08-17 12:12:41

在 C:\Documents and Settings\Administrator\桌面\新建文件夹\runtime.sys 中发现 Rootkit.Vanti.avo 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\新建文件夹\ip6fw.sys 中发现 Rootkit.Vanti.hs 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\新建文件夹\svchost.exe 中发现 Trojan/PSW.GamePass.oow 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\新建文件夹\2838371.exe 中发现 Trojan/Agent.kba 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\新建文件夹\loader.exe 中发现 TrojanDownloader.Agent.jho 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\新建文件夹\runtime2.sys 中发现 Rootkit.Vanti.asu 病毒, 已删除
在 C:\Documents and Settings\Administrator\桌面\新建文件夹\L50.exe 中发现 Trojan/Agent.kea 病毒, 已删除
正常结束。

扫描结果:
                 文件数 :482                                 病毒体 :7         
                   删除 :7                                     解毒 :0         
    扫描速度(千字节/秒) :15755                             扫描时间 :00:00:08
    扫描文件速度(个/秒) :60

Missed 9 of them
promised
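Posted on 2007-8-17 15:33:18

Reply to jimmyleo's post #5

For 阿米, turn the heuristics up to above 0.
The one that was not reported is level 20; by default, anything below 30 is not reported.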
jimmyleo
Original poster | Posted on 2007-8-17 15:37:45

Reply to promised's post #17

Thanks for letting me know.
小飞侠.net
Posted on 2007-8-18 16:37:40
McAfee VirusScan for Win32 v5.20.0
Copyright (c) 1992-2005 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832  LICENSED COPY - Jun  5 2007
Scan engine v5.2.00 for Win32.
Virus data file v5100 created Aug 17 2007
Scanning for 311901 viruses, trojans and variants.
Using c:\Documents and Settings\小飞侠.net\桌面\桌面\McAfee VirusScan\EXTRA.DAT to scan for 0 additional virus(es).

08/18/2007  16:35:47

Options:
"V:\VIRUSDOC20070818\052" /MIME /SUB /UNZIP /ALL /RPTALL /STREAMS /REPORT C:\DOCUME~1\小飞侠.NET\LOCALS~1\TEMP\SCAN.TXT /PROGRAM /ANALYZE /MAILBOX
Scanning V: [V盘]
Scanning V:\VIRUSDOC20070818\052\*.*
V:\VIRUSDOC20070818\052\16.rar ... is OK.
V:\VIRUSDOC20070818\052\16.rar\RUNTIME.SYS ... is OK.
V:\VIRUSDOC20070818\052\16.rar\RUNTIME.SYS\RUNTIME.SYS ... is OK.
V:\VIRUSDOC20070818\052\16.rar\LOADADV591.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\LOADADV591.EXE\LOADADV591.EXE ... Found the Downloader-AWM.gen trojan !!!
V:\VIRUSDOC20070818\052\16.rar\IP6FW.SYS ... Found the Generic RootKit.a trojan !!!
V:\VIRUSDOC20070818\052\16.rar\SVCHOST.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\SVCHOST.EXE\SVCHOST.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\HOED.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\HOED.EXE\HOED.EXE ... Found trojan or variant New Malware.x !!!
        Please send a copy of the file to McAfee
V:\VIRUSDOC20070818\052\16.rar\DOWNLOADER.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\5.DLLB ... Found the Tibs virus !!!
V:\VIRUSDOC20070818\052\16.rar\WIN32.EXE ... Found the Downloader-ASH.gen virus !!!
V:\VIRUSDOC20070818\052\16.rar\2838371.EXE ... Found the Generic.ed trojan !!!
V:\VIRUSDOC20070818\052\16.rar\LOADER.EXE ... Found the Generic Downloader trojan !!!
V:\VIRUSDOC20070818\052\16.rar\XAR5043V7.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\XAR5043V7.EXE\XAR5043V7.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\XAR5043V7.EXE\XAR5043V7.EXE\00004000.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar\CLEAN_289993.DLL ... is OK.
V:\VIRUSDOC20070818\052\16.rar\DE.EXE ... Found the Generic Downloader.z trojan !!!
V:\VIRUSDOC20070818\052\16.rar\RUNTIME2.SYS ... Found the Spy-Agent.bv.sys trojan !!!
V:\VIRUSDOC20070818\052\16.rar\NTOS.EXE ... Found the PWS-Banker trojan !!!
V:\VIRUSDOC20070818\052\16.rar\L50.EXE ... is OK.
V:\VIRUSDOC20070818\052\16.rar:Zone.Identifier ... is OK.
Summary report on V:\VIRUSDOC20070818\052\*.*
File(s)
        Total files: ...........      24
        Clean: .................      14
        Possibly Infected: .....      10

Time: 00:00.03


Copyright © KaFan  KaFan.cn All Rights Reserved.
