Rootkit.Win32.Vanti.hz

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： RootKit.Agent.yu         

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.28.62

woai_jolin

2008-01-27 20:38:14        文件保护(创建文件)     操作:阻止
进程路径:G:\v\1.cmd
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\30.sfx.exe
2008-01-27 20:38:14        文件保护(创建文件)     操作:阻止
进程路径:G:\v\1.cmd
文件路径:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\30.sfx.exe

2008-1-27 20:38:09        Real-time file system protection        file        G:\v\1.sys        a variant of Win32/Rootkit.Vanti.EE trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

鱼是一只我

江民～～～～～～～～～

leonfg

ESET
C:\Documents and Settings\GSG\桌面\1.rar >>RAR >>1.sys - Win32/Rootkit.Vanti.EE 木马的变种

Nblock

原帖由 鱼是一只我 于 2008-1-27 20:39 发表
江民～～～～～～～～～

江民报这个

ballakay

Scanning Report
27 January 2008 22:12:14 - 22:12:17
Computer name: PUMA-PC
Scanning type: Scan target
Target: C:\Users\Administrator\Desktop\1.rar


--------------------------------------------------------------------------------

Result: 2 malware found
Rootkit.Win32.Agent.ez (virus)
C:\Users\Administrator\Desktop\1.rar\1.sys
Trojan-PSW.Win32.Magania.dsg (virus)
C:\Users\Administrator\Desktop\1.rar\1.cmd




--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 3
Not scanned: 0
Result:
Viruses: 2
Spyware: 0
Suspicious items: 0
Riskware: 0
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Quarantined: 0
Failed: 0
Boot Sectors:
Scanned: 0
Infected: 0
Suspicious items: 0
Disinfected: 0


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-01-26_03
Spyware: 2008-01-26_03
Scanning Engines:
F-Secure AVP: 7.00.171, 2008-01-26
F-Secure Libra: 2.04.01, 2008-01-24
F-Secure Orion: 1.02.37, 2008-01-26
F-Secure Draco: 1.00.35, 2008-01-14
Scanning options:
Scan all files
Scan inside archives
Actions:
Viruses: Delete infected files
Spyware: Delete infected files

曲中求

报SYS

wangjay1980

detected: Trojan program Rootkit.Win32.Agent.ez        File: C:\Documents and Settings\Owner\×ÀÃæ\1.rar/1.sys
detected: Trojan program Trojan-PSW.Win32.Magania.dsg        File: C:\Documents and Settings\Owner\×ÀÃæ\1.rar/1.cmd//data.rar/30.sfx.exe//data.rar/30.exe

傻猪猪米走鸡

2008-1-27 23:59:29        Real-time file system protection        file        E:\virus\1(2)\1.sys        a variant of Win32/Rootkit.Vanti.EE trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.

woai_jolin

Scan Log
Version of virus signature database: 2825 (20080127)
Date: 2008-1-27  Time: 23:57:20
Scanned disks, folders and files: G:\v\1.rar
G:\v\1.rar » RAR » 1.sys - a variant of Win32/Rootkit.Vanti.EE trojan - was a part of the deleted object
G:\v\1.rar » RAR » 1.cmd » RAR » 30.sfx.exe » RAR » 30.exe - is OK
G:\v\1.rar » RAR » 1.cmd » RAR » mm\168_325566_f54679f96e1c490 [%P].jpg - is OK
G:\v\1.rar » RAR » 1.cmd » RAR » mm\168_378561_7ccc6cb8001c00f [%P].jpg - is OK
G:\v\1.rar » RAR » 1.cmd » RAR » mm\2005610010104150 [%P].jpg - is OK
G:\v\1.rar » RAR » 1.cmd » RAR » mm\242965581_9faa239705_o [%P].jpg - is OK
G:\v\1.rar » RAR » 1.cmd » RAR » mm\harajuku-15 [%P].jpg - is OK
G:\v\1.rar » RAR » 1.cmd » RAR » mm\harajuku-6 [%P].jpg - is OK
G:\v\1.rar » RAR » 1.cmd » RAR » mm\Thumbs.db - is OK
Number of scanned objects: 10
Number of threats found: 1
Time of completion: 23:57:24  Total scanning time: 4 sec (00:00:04)