Here are the results. I don't know why, but at the top it says "Results: 30/42".
Does that mean it was not complete, or does it not matter? Seems like there's a lot of trouble with this file.
Here's the link to it if that's easier, followed by a paste of the results: http://www.virustotal.com/analisis/7...619-1268592354
File atapi.sys.vir received on 2010.03.14 18:45:54 (UTC)
Current status: finished
Result: 30/42 (71.43%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.14 Rootkit.Win32.TDSS!IK
AhnLab-V3 5.0.0.2 2010.03.14 -
AntiVir 8.2.1.180 2010.03.12 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2010.03.12 -
Authentium 5.2.0.5 2010.03.13 W32/SYStroj.AB2.gen!Eldorado
Avast 4.8.1351.0 2010.03.14 Win32:Alureon-FR
Avast5 5.0.332.0 2010.03.14 Win32:Alureon-FR
AVG 9.0.0.787 2010.03.14 Win32/Patched.CG
BitDefender 7.2 2010.03.14 Rootkit.Patched.TDSS.Gen
CAT-QuickHeal 10.00 2010.03.13 Rootkit.Tdss.ai
ClamAV 0.96.0.0-git 2010.03.14 -
Comodo 4262 2010.03.14 -
DrWeb 5.0.1.12222 2010.03.14 BackDoor.Tdss.2213
eSafe 7.0.17.0 2010.03.14 -
eTrust-Vet 35.2.7359 2010.03.12 Win32/Olmarik!generic
F-Prot 4.5.1.85 2010.03.14 W32/SYStroj.AB2.gen!Eldorado
F-Secure 9.0.15370.0 2010.03.14 Rootkit.Patched.TDSS.Gen
Fortinet 4.0.14.0 2010.03.13 -
GData 19 2010.03.14 Rootkit.Patched.TDSS.Gen
Ikarus T3.1.1.80.0 2010.03.14 Rootkit.Win32.TDSS
Jiangmin 13.0.900 2010.03.14 -
K7AntiVirus 7.10.997 2010.03.13 -
Kaspersky 7.0.0.125 2010.03.14 Rootkit.Win32.Tdss.ai
McAfee 5920 2010.03.14 Patched-SYSFile.c
McAfee+Artemis 5920 2010.03.14 Patched-SYSFile.c
McAfee-GW-Edition 6.8.5 2010.03.13 Trojan.Patched.Gen
Microsoft 1.5502 2010.03.12 Virus:Win32/Alureon.G
NOD32 4943 2010.03.14 Win32/Olmarik.VM
Norman 6.04.08 2010.03.14 W32/TDSS.drv.gen7
nProtect 2009.1.8.0 2010.03.13 Trojan/W32.Rootkit.96512.G
Panda 10.0.2.2 2010.03.14 -
PCTools 7.0.3.5 2010.03.14 Backdoor.Tidserv
Prevx 3.0 2010.03.14 High Risk Cloaked Malware
Rising 22.38.04.03 2010.03.12 -
Sophos 4.51.0 2010.03.14 Mal/TDSSRt-A
Sunbelt 5880 2010.03.14 LooksLike.Win32.PatchedDriver!A (v)
Symantec 20091.2.0.41 2010.03.14 Backdoor.Tidserv!inf
TheHacker 6.5.2.0.233 2010.03.13 Trojan/Tdss.ai
TrendMicro 9.120.0.1004 2010.03.14 PE_TDSS.MTR
VBA32 3.12.12.2 2010.03.14 Rootkit.Win32.TDSL
ViRobot 2010.3.13.2226 2010.03.13 -
VirusBuster 5.0.27.0 2010.03.14 -
Additional information
File size: 96512 bytes
MD5 : 7fba992c9f5c44bce890dd250af7574c
SHA1 : 78c080a4829084d95aa4c303a201efd5cfeec445
SHA256: 7ef5b60904f146bde97a2bd1d9dd0fa2e5b2fb5df8ca97198f550f90a362f619
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x16794
timedatestamp.....: 0x4802539D (Sun Apr 13 20:40:29 2008)
machinetype.......: 0x14C (Intel I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97BA 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9B80 0x18E8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xB480 0xA64 0xA80 4.31 8523651899e28819a14bf9415af25708
.data 0xBF00 0xD94 0xE00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xCD00 0x157F 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xE280 0x61DA 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22BE 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3E0 0x400 6.06 299c717f29d14d950103ada44d223f52
.reloc 0x16B80 0xD20 0xD80 6.39 ce2b0898cc0e40b618e5df9099f6be45
( 3 imports )
> hal.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, 
IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> wmilib.sys: WmiSystemControl, WmiCompleteRequest
( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 1536:lwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1KbDD0uu:lQ+N74vkEZIxMohjsimBoDTRMBwFktZY
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info: http://info.prevx.com/aboutprogramte...E1BA003841BD67
PEiD : -
RDS : NSRL Reference Data Set
-