
[Virus sample] Afternoon tea: 3 samples

红心王子
Posted on 2007-12-17 13:04:25
Test with care

PS: one of them is a hidden system file

mofunzone
Posted on 2007-12-17 13:09:33
Starting the file scan:

Begin scan in 'C:\Users\morgan\Documents\vir.rar'
C:\Users\morgan\Documents\
  vir.rar
    [0] Archive type: RAR
    --> vir\ntdeIect.com
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> vir\es5HWk.dat
        [DETECTION] Is the Trojan horse TR/Drop.Delf.Ava.3
        [WARNING]   Infected files in archives cannot be repaired!
    --> vir\csrssddv.exe
      [WARNING]   The file was ignored!


End of the scan: 2007年12月16日  21:09
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
      4 Files were scanned
      2 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      3 Warnings
      0 Notes
yjwfdc
Posted on 2007-12-17 13:11:39
Norton 10 found two
Graybird
Posted on 2007-12-17 13:15:19
csrssddv.exe was not detected~ Already submitted~
千里同风
Posted on 2007-12-17 13:19:49
.dat ----> .exe // Shanghai Shanda Networking online-game trojan detection and removal module

C:\Documents and Settings\Administrator\桌面\vir\es5HWk.exe

[Last edited by 千里同风 on 2007-12-17 15:00]
feihongtian (this user has been deleted)
Posted on 2007-12-17 13:44:44
扫描进行于:2007-12-17 13:43:54
扫描日志
NOD32版本 2726 (20071217) NT
命令行: F:\virus\vir.rar

日期: 17.12.2007  时间:13:43:55
已开启反隐藏功能.
已扫描的磁盘,文件夹及文件:F:\virus\vir.rar
F:\virus\vir.rar >>RAR >>vir\ntdeIect.com - Win32/Pacex.Gen 病毒
已扫描的文件数目:3
已发现的病毒数目:1
完成时间: 13:43:55 总扫描时间:0 秒 (00:00:00)
sqsszzq
Posted on 2007-12-17 15:39:32
扫描结果 :  67%的杀软(24/36)报告发现病毒
时间 :  2007/12/17 15:32:25
软件名称 | 引擎版本 病毒库版本 | 病毒库时间 | 扫描结果 | 时间
a-squared | 3.0.0.1262007.12.16 | 2007-12-16 | Trojan-Downloader.Win32.Agent.fat | 4.223
AntiVir | 7.6.0.457.0.1.102 | 2007-12-17 | TR/Crypt.NSPM.Gen | 8.916
Arcavir | 1.0.4200712161242 | 2007-12-16 | Trojan.Psw.Onlinegames.Klz | 6.959
AVAST | 1.0.8071216-0 | 2007-12-16 | - | 8.663
AVG | 7.5.49.442269.17.1/1183 | 2007-12-13 | Downloader.Agent.VTY | 9.746
BitDefender | 7.60825.9603757.16338 | 2007-12-17 | Packer.Malware.NSAnti.J | 17.020
CA (VET) | 9.0.0.14331.3.5377 | 2007-12-15 | - | 12.886
ClamAV | 0.91.25152 | 2007-12-17 | - | 1.447
Comodo | 2.112.0.0.375 | 2007-12-16 | - | 3.302
CP Secure | 1.1.0.6552007.12.17 | 2007-12-17 | Troj.PSW.W32.OnLineGames.klz | 20.627
Dr.WEB | 4.44.0.91702007.12.16 | 2007-12-16 | - | 10.692
ewido | 4.0.0.22007.12.16 | 2007-12-16 | - | 3.945
F-PROT | 4.4.1.5220071216 | 2007-12-16 | - | 8.700
F-SECURE | 5.51.61002007.12.16.03 | 2007-12-16 | Trojan-PSW.Win32.OnLineGames.klz [AVP] | 0.077
IKARUS | T3.1.01.152007.12.17.70002 | 2007-12-17 | Trojan-Downloader.Win32.Delf.asz | 1.770
MKS_VIR | 2.012007.12.16 | 2007-12-16 | - | 11.022
NOD32 | 2.70.102726 | 2007-12-17 | - | 0.088
NORMAN | 5.91.085.90 | 2007-12-13 | W32/Smalltroj.BPDD | 31.392
nProtect | 2007-12-17.001092503 | 2007-12-17 | Trojan-Downloader/W32.Agent.457728 | 5.881
Prevx | V220071217 | 2007-12-17 | Generic.Malware | 10.356
QuickHeal | 9.002007.12.15 | 2007-12-15 | TrojanDownloader.Agent.fat | 3.882
SOPHOS | 2.49.14.21 | 2007-12-16 | Mal/GamePSW-C | 20.152
The Hacker | 6.2.9v00160 | 2007-12-14 | Trojan/Downloader.Agent.fat | 1.534
VBA32 | 3.12.2.520071214.1956 | 2007-12-14 | Trojan-Downloader.Win32.Agent.fat | 4.779
ViRobot | 200712142007.12.14 | 2007-12-14 | Trojan.Win32.Downloader.457728 | 1.194
VirusBuster | 4.3.19:99.117.4/11.0 | 2007-12-16 | - | 5.769
卡巴斯基 | 5.5.102007.12.17 | 2007-12-17 | Trojan-PSW.Win32.OnLineGames.klz | 30.117
安博士V3 | 2007.12.15.002007.12.15 | 2007-12-15 | Win-Trojan/OnlineGameHack.116206 | 1.956
江民杀毒 | 10.00.6502007.12.16 | 2007-12-16 | TrojanDownloader.Agent.vwd | 1.904
熊猫卫士 | 9.04.03.00012007.12.16 | 2007-12-16 | Trj/Lineage.GQP | 5.010
瑞星 | 19.020.22.41.00 | 2007-12-14 | AdWare.Win32.Agent.zkh | 3.218
赛门铁克 | 1.3.0.2420071216.003 | 2007-12-16 | Trojan Horse | 0.279
趋势 | 8.500-10014.892.08 | 2007-12-16 | TSPY_LEGMIR.CYE | 0.049
迈克菲 | 5.2.005186 | 2007-12-14 | - | 5.168
金山毒霸 | 2007.6.20.2492007.12.16 | 2007-12-16 | Win32.Hack.NSAnti.ge | 1.166
飞塔 | 2.81-3.118.449 | 2007-12-03 | - | 0.983
注意: 就算报告发现病毒,也可能是杀软误报,请根据查毒结果自行判断
BING126
Posted on 2007-12-17 15:50:42
McAfee miss
Graybird
Posted on 2007-12-17 15:58:01

Reply to Graybird's post (#4)

The file 'csrssddv.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Agent.90112.H. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.
hao8219
Posted on 2007-12-17 16:21:59

Avira's network monitor rejected it outright


Copyright © KaFan  KaFan.cn All Rights Reserved.
