
[Help] http://www.day616.cn/chengren/1362.html opens automatically at random intervals

Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

File Protector.sys received on 2009.04.02 17:18:59 (CET)
Current status: finished

Result: 4/40 (10.00%)
Antivirus engine | Version | Last update | Result
a-squared 4.0.0.101 2009.04.02 -
AhnLab-V3 5.0.0.2 2009.04.02 -
AntiVir 7.9.0.129 2009.04.02 -
Antiy-AVL 2.0.3.1 2009.04.02 -
Authentium 5.1.2.4 2009.04.01 -
Avast 4.8.1335.0 2009.04.02 -
AVG 8.5.0.285 2009.04.02 -
BitDefender 7.2 2009.04.02 -
CAT-QuickHeal 10.00 2009.04.01 -
ClamAV 0.94.1 2009.04.02 -
Comodo 1093 2009.04.01 -
DrWeb 4.44.0.09170 2009.04.02 -
eSafe 7.0.17.0 2009.04.02 -
eTrust-Vet 31.6.6432 2009.04.02 -
F-Prot 4.4.4.56 2009.04.01 -
F-Secure 8.0.14470.0 2009.04.02 -
Fortinet 3.117.0.0 2009.04.02 -
GData 19 2009.04.02 -
Ikarus T3.1.1.49.0 2009.04.02 -
K7AntiVirus 7.10.690 2009.04.01 Backdoor.Win32.HacDef.toxx
Kaspersky 7.0.0.125 2009.04.02 -
McAfee 5571 2009.04.01 -
McAfee+Artemis 5571 2009.04.01 -
McAfee-GW-Edition 6.7.6 2009.04.01 -
Microsoft 1.4502 2009.04.02 -
NOD32 3983 2009.04.02 -
Norman 6.00.06 2009.04.02 -
nProtect 2009.1.8.0 2009.04.02 -
Panda 10.0.0.14 2009.04.02 -
PCTools 4.4.2.0 2009.04.02 -
Prevx1 V2 2009.04.02 High Risk System Back Door
Rising 21.23.32.00 2009.04.02 -
Sophos 4.40.0 2009.04.02 -
Sunbelt 3.2.1858.2 2009.04.02 Trojan.Rootkit.GEN
Symantec 1.4.4.12 2009.04.02 -
TheHacker 6.3.4.0.298 2009.04.01 -
TrendMicro 8.700.0.1004 2009.04.02 -
VBA32 3.12.10.2 2009.04.02 Backdoor.Win32.HacDef.toxx
ViRobot 2009.4.2.1673 2009.04.02 -
VirusBuster 4.6.5.0 2009.04.01 -
Additional information
File size: 25984 bytes

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (51.1%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5b05
timedatestamp.....: 0x477c58b9 (Thu Jan 03 03:38:33 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x14b4 0x1500 6.29 976964bc0f3a40480cb6f6ba7d19ec7c
.rdata 0x1980 0x244 0x280 3.84 bf88faa78d54a6c3e05d8664671e8d5d
.data 0x1c00 0x3ec0 0x3f00 1.52 6e6e2afff57a9edaeaba38e52872234b
INIT 0x5b00 0x460 0x480 5.37 7418d128049e20369cd5d5f80e77a8ba
.reloc 0x5f80 0x598 0x600 5.16 6de59bf033a33c47a19f3c46002b90a7

( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, KeWaitForSingleObject, ObReferenceObjectByHandle, ObfDereferenceObject, PsGetCurrentProcessId, KeSetEvent, ExAllocatePool, MmGetSystemRoutineAddress, memcpy, KeServiceDescriptorTable, PsTerminateSystemThread, KeResetEvent, KdDebuggerEnabled, ZwClose, RtlInitUnicodeString, PsCreateSystemThread, KeInitializeEvent, IoFreeMdl, MmUnlockPages, MmMapLockedPagesSpecifyCache, MmProbeAndLockPages, MmBuildMdlForNonPagedPool, IoAllocateMdl, MmUnmapLockedPages, RtlCompareUnicodeString, ExFreePoolWithTag, ZwQuerySystemInformation, KeTickCount, KeBugCheckEx, IoCreateDevice, IoCreateSymbolicLink, IoDeleteDevice, ZwCreateFile, IoDeleteSymbolicLink, RtlUnwind
> HAL.dll: KfReleaseSpinLock, WRITE_PORT_UCHAR, READ_PORT_UCHAR, KfAcquireSpinLock

( 0 exports )

RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=4AF235798075AA7565D000869B62A00096276C77
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=3fc37041f6de8265f91b3de2cdedf622


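Note: VirusTotal is a free service offered by Hispasec Sistemas. We make no guarantee as to the availability or continuity of this service. Although the detection rate obtained by using multiple antivirus engines is better than that of any single product, these results do not guarantee that a file is harmless. At present, no solution offers a 100% detection rate for viruses and malware. If you have bought a product that claims to, you may already have become a victim.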

Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

File ProtectorA.sys received on 2008.12.17 07:01:14 (CET)
Current status: finished

Result: 12/38 (31.58%)
Antivirus engine | Version | Last update | Result
AhnLab-V3 2008.12.17.0 2008.12.17 Win-Trojan/Agent.6912.D
AntiVir 7.9.0.45 2008.12.16 -
Authentium 5.1.0.4 2008.12.17 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.16 PSW.Agent.VVN
BitDefender 7.2 2008.12.17 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.17 -
Comodo 764 2008.12.16 TrojWare.Win32.Spy.Agent.eqd
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6264 2008.12.17 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.16 -
F-Secure 8.0.14332.0 2008.12.17 -
Fortinet 3.117.0.0 2008.12.17 -
GData 19 2008.12.17 -
Ikarus T3.1.1.45.0 2008.12.17 Trojan-Spy.Win32.Agent
K7AntiVirus 7.10.555 2008.12.16 Trojan-Spy.Win32.Agent.eqd
Kaspersky 7.0.0.125 2008.12.17 -
McAfee 5466 2008.12.16 Generic PWS.y
McAfee+Artemis 5466 2008.12.16 Generic PWS.y
Microsoft 1.4205 2008.12.16 -
NOD32 3697 2008.12.17 -
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.16 -
Prevx1 V2 2008.12.17 -
Rising 21.08.20.00 2008.12.17 -
SecureWeb-Gateway 6.7.6 2008.12.16 -
Sophos 4.36.0 2008.12.17 -
Sunbelt 3.2.1801.2 2008.12.11 Trojan-Spy.Win32.Agent.eqd
Symantec 10 2008.12.17 -
TheHacker 6.3.1.4.189 2008.12.16 Trojan/Spy.Agent.eqd
TrendMicro 8.700.0.1004 2008.12.17 TSPY_AGENT.ZS
VBA32 3.12.8.10 2008.12.16 Trojan-Spy.Win32.Agent.eqd
ViRobot 2008.12.17.1522 2008.12.17 Trojan.Win32.Agent.6912
VirusBuster 4.5.11.0 2008.12.16 -
Additional information
File size: 6912 bytes

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11485
timedatestamp.....: 0x476f6272 (Mon Dec 24 07:40:34 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xdea 0xe00 6.11 edcbeb562e213e1afbeca80e46a92452
.rdata 0x1280 0x15c 0x180 4.58 d5fa03f82923d6c85ec553921e824321
.data 0x1400 0x48 0x80 0.52 1f558917e0b83de44fffa4db41aab932
INIT 0x1480 0x414 0x480 4.99 b29e0101b2241b4c82c58678e20803eb
.reloc 0x1900 0x1d6 0x200 5.16 c11e7c620af056517edaae8bce27ecc7

( 2 imports )
> ntoskrnl.exe: RtlInitUnicodeString, IofCallDriver, IofCompleteRequest, IoDetachDevice, PoCallDriver, PoStartNextPowerIrp, IoFreeIrp, ExFreePoolWithTag, memcpy, ExAllocatePool, IoAllocateIrp, PsGetCurrentProcessId, KeSetEvent, IoCreateDevice, IoGetDeviceInterfaces, ObfDereferenceObject, ObReferenceObjectByHandle, IoGetRelatedDeviceObject, ZwClose, ZwCreateFile, RtlCompareUnicodeString, IoAttachDeviceToDeviceStack, IoGetAttachedDeviceReference, MmIsAddressValid, ObReferenceObjectByName, IoDriverObjectType, KeTickCount, IoCreateSymbolicLink, IoDeleteDevice, PsSetCreateProcessNotifyRoutine, wcsstr, IoDeleteSymbolicLink
> HAL.dll: KfLowerIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeRaiseIrqlToDpcLevel

( 0 exports )

CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=889a23eec876aaaabd7e7f909549bd6f



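Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

That is already enough to tell. No need to post any more.
What does the Cleanup Assistant say?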

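Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

C:\Program Files\Thunder\ComDlls\LinkSimulate.dll is the file in question. I can't find it on my machine. I'm going to run that Cleanup Assistant now and see.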

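Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

The scan says there is one trojan, a Trojan horse... What I want to ask is why Rising, the firewall and the antivirus software, showed no reaction at all. I have removed this virus now. I'll see how it goes. Thanks.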

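Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

You're welcome. Please check again: did you back up the virus? Please post it to the suspicious files board so that Rising's engineers can analyze it and add it to the signature database. Antivirus software, after all, operates in the open, so detecting and removing 100% of viruses is basically impossible. But Rising is already working very hard, so please keep supporting Rising!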

Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

Sorry, I did not back up the trojan. I dealt with it directly.

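Re: http://www.day616.cn/chengren/1362.html opens automatically at random intervals

I have already cleaned out the junk and made a fresh system backup. Even if I wanted to find it, I really wouldn't know where to look. By rights it should be gone.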