Views: 3717 | Replies: 21

[Virus sample] 25

qianwenxiang
Posted on 2008-4-1 21:56:59

Exia (this user has been deleted)
Posted on 2008-4-1 22:01:19

20

Starting the file scan:

Begin scan in 'E:\dpack.rar'
E:\dpack.rar
  [0] Archive type: RAR
  --> admin2.exe
      [DETECTION] Contains detection pattern of the dropper DR/Inject.alz
  --> servstr.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.brp Backdoor server programs
    --> webinst.cab
      [1] Archive type: CAB (Microsoft)
      --> webinst.dll
          [DETECTION] Is the Trojan horse TR/Downloader.Gen
  --> Kvmon.dll
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> Kvmon.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
    --> mrofinu.exe.bin
      [1] Archive type: ZIP
      --> mrofinu.exe
          [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> mrofinu1535.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> mrofinu1535.exe.tmp
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> svchost.exe
      [DETECTION] Is the Trojan horse TR/PSW.Maran.FF
  --> Ir32_a.exe
      [DETECTION] Is the Trojan horse TR/Agent.AHQQ.1
  --> lwisys16_080122.dll
      [DETECTION] Is the Trojan horse TR/Spy.Pophot.abr.12
  --> mwisys32_080122.dll
      [DETECTION] Is the Trojan horse TR/Spy.Pophot.abr.11
  --> myhide.sys
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aas
  --> rqRKBtUL.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
  --> svchst.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.wgc
  --> sysgrw.exe
      [DETECTION] Is the Trojan horse TR/Spy.Agent.ash
  --> sysgrz.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aas
  --> systemlf.dll
      [DETECTION] Is the Trojan horse TR/Spy.Agent.ash
  --> systemz.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.wna
  --> tj1viwer.dll
      [DETECTION] Is the Trojan horse TR/Drop.Maran.CJ.2
      [WARNING]   The file was ignored!


End of the scan: 2008年4月1日  22:03
Used time: 00:21 min

The scan has been done completely.

      0 Scanning directories
     26 Files were scanned
     20 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      6 Files not concerned
      3 Archives were scanned
      1 Warnings
      0 Notes
allinwonderi
Posted on 2008-4-1 22:05:54
[Found backdoor]     <W32/Hupigon.C.gen!Eldorado (not disinfectable, generic)>    C:\Documents and Settings\All Users\Documents\Test\dpack.rar->Kvmon.dll
[Found backdoor]     <W32/Backdoor2.WYA (exact, not disinfectable)>    C:\Documents and Settings\All Users\Documents\Test\dpack.rar->Kvmon.exe
[Found password stealer]     <W32/Maran.ADP (exact, not disinfectable)>    C:\Documents and Settings\All Users\Documents\Test\dpack.rar->svchost.exe
[Unscannable]    <File is damaged>    C:\Documents and Settings\All Users\Documents\Test\dpack.rar->Ir32_b.exe

---------------------------------------------------------------------
Scan ended:    2008-4-1, 22:07:27
Duration:    0:00:01

Scan result:

Scanned files:         6
Infected objects:     3
Disinfected objects:     0
Quarantined files:     0
---------------------------------------------------------------------

[This post was last edited by allinwonderi on 2008-4-1 22:07]
allinwonderi
Posted on 2008-4-1 22:08:01
[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:admin2.exe<DLLRES>:CABINET0.cab<CAB>:t1.exe <- Trojan.Inject.Alz : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:admin2.exe<DLLRES>:CABINET0.cab<CAB>:f1.exe <- Trojan.Psw.Onlinegames.Wmz : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:admin2.exe<DLLRES>:CABINET0.cab<CAB>:f1.exe<UPack>:f1.exe <- Trojan.Psw.Onlinegames.Wmz : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:admin2.exe<DLLRES>:CABINET0.cab<CAB>:f1.exe<UPack>:f1.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Wna : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:servstr.exe <- Trojan.Pcclient.Buh : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:webinst.cab<CAB>:webinst.dll<UPX>:webinst.dll <- Joke.Renos.Atv : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:webinst.cab<CAB>:webinst.dll<UPX>:webinst.dll<DLLRES>:res0.exe <- Joke.Renos.Bfn : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:Kvmon.dll <- Variant:Trojan.Delf.Dob : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:Kvmon.exe <- Trojan.Delf.Dob : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:Kvmon.exe<DLLRES>:MYDLL0.exe <- Variant:Trojan.Delf.Dob : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:mrofinu.exe.bin<ZIP>:mrofinu.exe <- Trojan.Downloader.Homles.At : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:mrofinu1535.exe <- Trojan.Downloader.Homles.At : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:mrofinu1535.exe.tmp <- Trojan.Downloader.Homles.At : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:svchost.exe <- Trojan.Psw.Maran.Dy : No action
C:\Documents and Settings\All Users\Documents\Test\dpack.rar<RAR>:Ir32_a.exe <- Trojan.Inject.Alz : No action



Scanned objects : 27

Infected objects : 15
平淡
Posted on 2008-4-1 22:08:06

16

C:\Documents and Settings\Administrator\桌面\dpack.rar>>admin2.exe>>emb-0.cab>>f1.exe        TrojanDownloader.Nurech.bd.bmqk        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>Kvmon.dll        TrojanPSW.OnLineGames.sas.ltqy.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>Kvmon.exe        Backdoor.Delf.dgt.gxtt        后门        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>lwisys16_080122.dll        Trojan.Clicker.PopHot.hb.bncc.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>mrofinu.exe.bin>>mrofinu.exe        TrojanDownloader.Homles.at.glcm        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>mrofinu1535.exe        TrojanDownloader.Homles.at.glcm        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>mrofinu1535.exe.tmp        TrojanDownloader.Homles.at.glcm        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>mwisys32_080122.dll        W32.Hitapop.ujhy.dll        病毒        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>rqRKBtUL.dll        Adware.Virtumonde.gen.dqth.dll        广告程序        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>servstr.exe        Backdoor.PcClient.buh.mogm        后门        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>svchost.exe        TrojanPSW.Maran.ff.edgu        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>svchst.exe        TrojanPSW.OnLineGames.wgc.zojv        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>sysgrw.exe        TrojanPSW.Agent.vqp.olfx        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>sysgrz.exe        TrojanDownloader.Nurech.bd.bmqk        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>systemlf.dll        TrojanSpy.Agent.ash.yqhs.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\dpack.rar>>tj1viwer.dll        TrojanPSW.Maran.ff.klcg.dll        木马        还未处理
Exia (this user has been deleted)
Posted on 2008-4-1 22:12:23
3805759  Ir32_b.exe  34 KB  UNDER ANALYSIS
197880  mrofinu.exe  0 Byte  CLEAN
3805760  syswin.sys  8 KB  UNDER ANALYSIS
197880  1111.exe  0 Byte  CLEAN
197880  17PHolmes1535.exe  0 Byte  CLEAN
leonfg
Posted on 2008-4-1 23:01:46
ESET 14
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » admin2.exe » CAB » f1.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » servstr.exe - probably a variant of Win32/PcClient trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » webinst.cab » CAB » webinst.dll - Win32/TrojanDropper.Agent.NIC trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » Kvmon.dll - probably a variant of Win32/Hupigon trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » Kvmon.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » mrofinu.exe.bin » ZIP » mrofinu.exe - Win32/TrojanDownloader.Agent.BLS trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » mrofinu1535.exe - Win32/TrojanDownloader.Agent.BLS trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » mrofinu1535.exe.tmp - Win32/TrojanDownloader.Agent.BLS trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » svchost.exe - Win32/PSW.Maran.FF trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » lwisys16_080122.dll - a variant of Win32/Spy.Delf.NHF trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » sysgrw.exe - Win32/PSW.OnLineGames.LYX trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » sysgrz.exe - probably unknown NewHeur_PE virus
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » systemlf.dll - Win32/PSW.OnLineGames.KAK trojan
C:\Documents and Settings\GUNDAM\桌面\dpack.rar » RAR » tj1viwer.dll - Win32/PSW.Maran.FF trojan
Nerazzurri
Posted on 2008-4-1 23:04:45

19

deleted: Trojan program Trojan.Win32.Inject.alz        File: C:\Users\Nerazzurri\Desktop\dpack.rar/admin2.exe//data0000.cab/t1.exe
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.wmz        File: C:\Users\Nerazzurri\Desktop\dpack.rar/admin2.exe//data0000.cab/f1.exe//PE_Patch//UPack
deleted: Trojan program Backdoor.Win32.PcClient.buh        File: C:\Users\Nerazzurri\Desktop\dpack.rar/servstr.exe
deleted: malware not-virus:Hoax.Win32.Renos.atv        File: C:\Users\Nerazzurri\Desktop\dpack.rar/webinst.cab/webinst.dll//PE_Patch.UPX//UPX
deleted: Trojan program Backdoor.Win32.Delf.dgt        File: C:\Users\Nerazzurri\Desktop\dpack.rar/Kvmon.exe
deleted: Trojan program Trojan-Downloader.Win32.Homles.at        File: C:\Users\Nerazzurri\Desktop\dpack.rar/mrofinu.exe.bin/mrofinu.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.Homles.at        File: C:\Users\Nerazzurri\Desktop\dpack.rar/mrofinu1535.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.Homles.at        File: C:\Users\Nerazzurri\Desktop\dpack.rar/mrofinu1535.exe.tmp//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-PSW.Win32.Maran.ff        File: C:\Users\Nerazzurri\Desktop\dpack.rar/svchost.exe
deleted: Trojan program Trojan-Spy.Win32.Pophot.abr        File: C:\Users\Nerazzurri\Desktop\dpack.rar/lwisys16_080122.dll
deleted: Trojan program Trojan-Spy.Win32.Pophot.abr        File: C:\Users\Nerazzurri\Desktop\dpack.rar/mwisys32_080122.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.wkt        File: C:\Users\Nerazzurri\Desktop\dpack.rar/myhide.sys
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.gen        File: C:\Users\Nerazzurri\Desktop\dpack.rar/rqRKBtUL.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.wgc        File: C:\Users\Nerazzurri\Desktop\dpack.rar/svchst.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.lyx        File: C:\Users\Nerazzurri\Desktop\dpack.rar/sysgrw.exe//PE_Patch//UPack
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.wmz        File: C:\Users\Nerazzurri\Desktop\dpack.rar/sysgrz.exe//PE_Patch//UPack
deleted: Trojan program Trojan-Spy.Win32.Agent.ash        File: C:\Users\Nerazzurri\Desktop\dpack.rar/systemlf.dll
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.wna        File: C:\Users\Nerazzurri\Desktop\dpack.rar/systemz.dll
deleted: Trojan program Trojan-PSW.Win32.Maran.ff        File: C:\Users\Nerazzurri\Desktop\dpack.rar/tj1viwer.dll
aerbeisi
Posted on 2008-4-1 23:17:49

11

[Found backdoor]         <W32/Hupigon.C.gen!Eldorado (not disinfectable, generic)>        C:\test\dpack\Kvmon.dll
[Found backdoor]         <W32/Backdoor2.WYA (exact)>        C:\test\dpack\Kvmon.exe
[Found password stealer]         <W32/Maran.ADP (exact)>        C:\test\dpack\svchost.exe
[Found security risk]         <W32/Agent.AC.gen!Eldorado (not disinfectable, generic)>        C:\test\dpack\lwisys16_080122.dll
[Found backdoor]         <W32/Agent.B.gen!Eldorado (not disinfectable, generic)>        C:\test\dpack\mwisys32_080122.dll
[Found adware]         <W32/Virtumonde.G.gen!Eldorado (not disinfectable, generic)>        C:\test\dpack\rqRKBtUL.dll
[Found password stealer]         <W32/Pws.ACIL (exact)>        C:\test\dpack\svchst.exe->(UPX)
[Found virus]         <W32/Downloader.gen10>        C:\test\dpack\sysgrw.exe
[Found virus]         <W32/Downloader.gen10>        C:\test\dpack\sysgrz.exe
[Found Trojan]         <W32/Trojan2.TSL (exact)>        C:\test\dpack\systemlf.dll
[Found Trojan]         <W32/Trojan.ATII (exact)>        C:\test\dpack\tj1viwer.dll
solcroft
Posted on 2008-4-1 23:44:46
That drpak2.exe is really scary; how come it is all tibetbelongstochina?
Also noticed that ThreatFire's defensive capability is progressing rapidly, heh.
Copyright © KaFan  KaFan.cn All Rights Reserved.