11

qianwenxiang

Starting the file scan:

Begin scan in 'E:\epack.rar'
E:\epack.rar
  [0] Archive type: RAR
  --> 77589.dll
      [DETECTION] Is the Trojan horse TR/PSW.Ganhame.HU.5
  --> Img_Proc.dll
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ypx
  --> windf.EXE
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rra
  --> windf.hlp
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rra
  --> scrsys16_080122.dll
      [DETECTION] Is the Trojan horse TR/Spy.Pophot.abr.12
  --> scrsys080122.scr
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> conime.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
  --> f1.exe
      [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aas
  --> t1.exe
      [DETECTION] Is the Trojan horse TR/Inject.alz
  --> sslxpes080122.exe
      [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [WARNING]   The file was ignored!


End of the scan: 2008年4月1日  22:05
Used time: 00:20 min

The scan has been done completely.

      0 Scanning directories
     12 Files were scanned
     10 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      2 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes

平淡

C:\Documents and Settings\Administrator\桌面\epack.rar>>77589.dll        TrojanPSW.Ganhame.hu.eqkc.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\epack.rar>>conime.exe        Backdoor.Delf.dgt.gxtt        后门        还未处理
C:\Documents and Settings\Administrator\桌面\epack.rar>>f1.exe        TrojanDownloader.Nurech.bd.bmqk        木马        还未处理
C:\Documents and Settings\Administrator\桌面\epack.rar>>scrsys080122.scr        Heuri.Suspicious.ERNM        启发式扫描        还未处理
C:\Documents and Settings\Administrator\桌面\epack.rar>>scrsys16_080122.dll        Trojan.Clicker.PopHot.hb.bncc.dll        木马        还未处理
C:\Documents and Settings\Administrator\桌面\epack.rar>>sslxpes080122.exe        Heuri.Suspicious.ERNM        启发式扫描        还未处理
C:\Documents and Settings\Administrator\桌面\epack.rar>>windf.EXE        Packed.UPX.a        带壳程序        还未处理
C:\Documents and Settings\Administrator\桌面\epack.rar>>windf.hlp        TrojanPSW.OnLineGames.tza.qejp.dll        木马        还未处理

The file 'beep.sys' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Windows XP (SP0)'.

[ 本帖最后由 Exia 于 2008-4-1 22:28 编辑 ]

allinwonderi

Scan started: 2008-4-1, 22:10:06
---------------------------------------------------------------------
[Found password stealer]         <W32/Pws.ACJF (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\epack.rar->windf.EXE->(UPX)
[Found possible virus]         <W32/Backdoor-HLLD-based!Maximus (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\epack.rar->windf.hlp
[Found security risk]         <W32/Agent.AC.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\epack.rar->scrsys16_080122.dll
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\epack.rar->scrsys080122.scr
[Found backdoor]         <W32/Backdoor2.WYA (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\epack.rar->conime.exe
[Found virus]         <W32/Downloader.gen10 (not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\epack.rar->f1.exe
[Found security risk]         <W32/Injector.A.gen!Eldorado (not disinfectable, generic)>        C:\Documents and Settings\All Users\Documents\Test\epack.rar->sslxpes080122.exe

---------------------------------------------------------------------
Scan ended:        2008-4-1, 22:10:25
Duration:        0:00:18

Scan result:

Scanned files:                 6
Infected objects:         7
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------

allinwonderi

[Scanning : C:\Documents and Settings\All Users\Documents\Test]


C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:Img_Proc.dll <- Trojan.Psw.Onlinegames.Ypx : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:scrsys16_080122.dll <- Trojan.Spy.Pophot.Abr : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:scrsys080122.scr <- Trojan.Spy.Pophot.Abr : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:conime.exe <- Trojan.Delf.Dob : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:conime.exe<DLLRES>:MYDLL0.exe <- Variant:Trojan.Delf.Dob : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:f1.exe <- Trojan.Psw.Onlinegames.Wmz : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:f1.exe<UPack>:f1.exe <- Trojan.Psw.Onlinegames.Wmz : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:f1.exe<UPack>:f1.exe<DLLRES>:res0.exe <- Trojan.Psw.Onlinegames.Wna : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:t1.exe <- Trojan.Inject.Alz : No action
C:\Documents and Settings\All Users\Documents\Test\epack.rar<RAR>:sslxpes080122.exe <- Trojan.Spy.Pophot.Abr : No action



Scanned objects : 19

Infected objects : 10

无尽藏海

E:\VIRUS\epack\conime.exe - 未查明的 NewHeur_PE 病毒
E:\VIRUS\epack\f1.exe - 未查明的 NewHeur_PE 病毒
E:\VIRUS\epack\scrsys080122.scr - Win32/Spy.Delf.NHF 特洛伊木马 的变种
E:\VIRUS\epack\scrsys16_080122.dll - Win32/Spy.Delf.NHF 特洛伊木马 的变种
E:\VIRUS\epack\sslxpes080122.exe - Win32/Spy.Delf.NHF 特洛伊木马 的变种

wangjay1980

to kl

gaojun7206

epack.rar
    [0] Archive type: RAR
    --> 77589.dll
        [DETECTION] Is the Trojan horse TR/PSW.Ganhame.HU.5
        [WARNING]   Infected files in archives cannot be repaired!
    --> beep.sys
    --> Img_Proc.dll
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.ypx
        [WARNING]   Infected files in archives cannot be repaired!
    --> windf.EXE
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rra
        [WARNING]   Infected files in archives cannot be repaired!
    --> windf.hlp
        [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rra
        [WARNING]   Infected files in archives cannot be repaired!
    --> scrsys16_080122.dll
        [DETECTION] Is the Trojan horse TR/Spy.Pophot.abr.12
        [WARNING]   Infected files in archives cannot be repaired!
    --> scrsys080122.scr
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> conime.exe
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
    --> f1.exe
        [DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aas
        [WARNING]   Infected files in archives cannot be repaired!
    --> t1.exe
        [DETECTION] Is the Trojan horse TR/Inject.alz
        [WARNING]   Infected files in archives cannot be repaired!
    --> sslxpes080122.exe
        [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      The file was moved to '48535c2f.qua'!