Original poster: qianwenxiang

[Virus sample] 19 other HOST variants + generated files

残缺的唯美
Posted on 2007-8-12 22:01:35
    --> host8.exe
        [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
        [WARNING]   Infected files in archives cannot be repaired!
    --> host9.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> mydins.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> mydpri.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVCHDMON.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVCQMON.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVZXMON.exe
        [DETECTION] Is the Trojan horse TR/PSW.Agent.rwa
        [WARNING]   Infected files in archives cannot be repaired!
    --> RAVZXMON1.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> rczgnp.exe
        [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
        [WARNING]   Infected files in archives cannot be repaired!
    --> WinForm.dll
        [DETECTION] Is the Trojan horse TR/PSW.Agent.20480
        [WARNING]   Infected files in archives cannot be repaired!
    --> ztmins.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> ztmpri.dll
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> dhcins.exe
        [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.47
        [WARNING]   Infected files in archives cannot be repaired!
    --> dhcpri.dll
        [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.51
        [WARNING]   Infected files in archives cannot be repaired!
    --> host1.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> host2.exe
        [DETECTION] Contains signature of the dropper DR/Delphi.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> host4.exe
        [DETECTION] Is the Trojan horse TR/Dropper.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> host6.exe
        [DETECTION] Contains suspicious code HEUR/Malware
        [WARNING]   Infected files in archives cannot be repaired!
    --> host7.exe
        [DETECTION] Is the Trojan horse TR/Spy.Delf.UV.47
        [WARNING]   Infected files in archives cannot be repaired!
        [INFO]      A backup was created as '46f012d1.qua'  ( QUARANTINE )
        [INFO]      The file was deleted!
Avira (红伞): 19
taihuxian
Posted on 2007-8-12 22:14:23
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TE.rar\host8.exe\[Upack]\[Embedded#4060]\[Upack] [L] Win32:Onlinegames-ATD [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TE.rar\RAVZXMON.exe\[Upack]\[Embedded#4060]\[Upack] [L] Win32:Onlinegames-ATD [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
http://bbs.kafan.cn/attachment.php?aid=112627\host8.exe\[Upack]\[Embedded#4060]\[Upack] [L] Win32:Onlinegames-ATD [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TE.rar\rczgnp.exe\[UPX]\[Embedded#2060] [L] Win32:Onlinegames-ASX [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TE.rar\WinForm.dll [L] Win32:Onlinegames-ASX [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TE.rar\dhcins.exe\[Upack]\[Embedded#MAIN] [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TE.rar\dhcpri.dll [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TE.rar\host2.exe [L] Win32:Small-DJC [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TF.rar\host8.exe\[Upack]\[Embedded#4060]\[Upack] [L] Win32:Onlinegames-ATD [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
http://bbs.kafan.cn/attachment.php?aid=112627\host8.exe\[Upack]\[Embedded#4060]\[Upack] [L] Win32:Onlinegames-ATD [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TF.rar\RAVZXMON.exe\[Upack]\[Embedded#4060]\[Upack] [L] Win32:Onlinegames-ATD [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TF.rar\rczgnp.exe\[UPX]\[Embedded#2060] [L] Win32:Onlinegames-ASX [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TF.rar\WinForm.dll [L] Win32:Onlinegames-ASX [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TF.rar\dhcins.exe\[Upack]\[Embedded#MAIN] [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TF.rar\dhcpri.dll [L] Win32:Small-HHY [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
C:\Documents and Settings\Administrator\Application Data\Opera\Opera\profile\cache4\opr003TF.rar\host2.exe [L] Win32:Small-DJC [Trj] (0)
During the file repair, error occurred: The file was not repaired.
File was successfully moved to chest...
woai_jolin
Posted on 2007-8-12 22:38:05
Report for - Quick Heal Scanner
Sunday, 12 August, 2007, Time 22:37
Quick Heal Version - 9.00
Virus database - 11 August 2007

-------------------------------------------------------
Scanner Settings for this Scan were as follows.

- Scanning all files.
- Scan packed files is on.
- Scan Mailbox is on.
- DNAScan is on.
- Archive file scanning is on for - ARJ, CAB, CHM, GZ, RAR, TAR, TNEF, ZIP, SIS, MSExpand
- Respond when a virus is found:- Prompt
- Respond when a virus is found in an archive file:- Prompt

-------------------------------------------------------

F:\v\08124.rar
Archive File:  RAR

F:\v\08124.rar/host8.exe
File is clean

F:\v\08124.rar/host9.exe
Detected: "Hoax.Renos.fp (Not a Virus)"
File is skipped

F:\v\08124.rar
File is deleted


-------------------------------------------------------
Scan started at:22:37
Scan finished at:22:37
Boot/Partition Viruses   - 0         
Files Scanned   - 3         
Files Quarantined   - 0         
Files Deleted   - 1         
I/O Errors   - 0         
Threats Detected   - 1         
Files Repaired   - 0         
Archive / Packed   - 1         
DNAScan Warning   - 0
碧水寒潭
Posted on 2007-8-12 22:43:02
Avira (红伞) kills all 19!
浪滔天
Posted on 2007-8-12 22:43:25
已删除: 木马程序 Trojan-Spy.Win32.Delf.uv        文件: J:\软件\软件安装文件\★ 杀毒防护\★ Kaspersky\key及工具\key\08124\dhcpri.dll
已删除: 木马程序 Trojan-PSW.Win32.QQRob.gx        文件: J:\软件\软件安装文件\★ 杀毒防护\★ Kaspersky\key及工具\key\08124\host2.exe//FSG
已删除: 木马程序 Trojan-Spy.Win32.Delf.uv        文件: J:\软件\软件安装文件\★ 杀毒防护\★ Kaspersky\key及工具\key\08124\host7.exe//UPack
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.afr        文件: J:\软件\软件安装文件\★ 杀毒防护\★ Kaspersky\key及工具\key\08124\RAVCQMON.exe
已隔离: 病毒 Heur.Trojan.Generic (变种)        文件: J:\软件\软件安装文件\★ 杀毒防护\★ Kaspersky\key及工具\key\08124\RAVZXMON.exe
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.acf        文件: J:\软件\软件安装文件\★ 杀毒防护\★ Kaspersky\key及工具\key\08124\rczgnp.exe//PE_Patch.UPX//UPX
已删除: 木马程序 Trojan-PSW.Win32.OnLineGames.acf        文件: J:\软件\软件安装文件\★ 杀毒防护\★ Kaspersky\key及工具\key\08124\WinForm.dll

7.0.0.125, high heuristics; two heuristic hits got the scan stuck and it could not get past them.
This archive contains a lot of identical duplicates; it seems there are actually only 11 files.
woai_jolin
Posted on 2007-8-13 00:04:40
扫描开始于2007年8月13日 0:04:34
F:\v\新建文件夹\dhcins.exe,查到病毒: W32/OnLineGames.DH!tr.pws, 操作: 删除/隔离
F:\v\新建文件夹\dhcpri.dll,查到病毒: W32/OnLineGames.DH!tr.pws, 操作: 删除/隔离
F:\v\新建文件夹\host1.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\host2.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\host4.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\host6.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\host7.exe,查到病毒: W32/OnLineGames.DH!tr.pws, 操作: 删除/隔离
F:\v\新建文件夹\host8.exe,查到病毒: W32/OnLineGames.ACI!tr.pws, 操作: 删除/隔离
F:\v\新建文件夹\host9.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\mydins.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\RAVCHDMON.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\RAVCQMON.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\RAVZXMON.exe,查到病毒: W32/OnLineGames.ACI!tr.pws, 操作: 删除/隔离
F:\v\新建文件夹\RAVZXMON1.exe,查到病毒: Suspicious, 操作: <无>
F:\v\新建文件夹\rczgnp.exe,查到病毒: W32/Agent.BTI!tr, 操作: 删除/隔离
F:\v\新建文件夹\WinForm.dll,查到病毒: OnLine!tr, 操作: 删除/隔离
F:\v\新建文件夹\ztmins.exe,查到病毒: Suspicious, 操作: <无>
扫描结束于2007年8月13日 0:04:37
总共扫描了19个文件, 其中感染病毒文件为17个. 总共扫描了7个引导区, 感染的引导区为0个.
promised
Posted on 2007-8-13 09:40:58
C:\ABC\08124\dhcins.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\08124\dhcpri.dll - 特征码 'Trojan-Downloader.Agent.YJA' 被发现
C:\ABC\08124\host1.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\08124\host2.exe - 特征码 'Trojan-PWS.Win32.QQRob.gx' 被发现
C:\ABC\08124\host4.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\08124\host6.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\08124\host7.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\08124\host8.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\08124\host9.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\08124\mydins.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\08124\mydpri.dll - 特征码 'Trojan-Downloader.Agent.YJA' 被发现
C:\ABC\08124\RAVCHDMON.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\08124\RAVCQMON.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\08124\RAVZXMON.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\08124\RAVZXMON1.exe - 特征码 'Trojan-Downloader.Win32.Zlob.and' 被发现
C:\ABC\08124\rczgnp.exe - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\08124\WinForm.dll - 特征码 'Trojan-PWS.Win32.OnLineGames.es' 被发现
C:\ABC\08124\ztmins.exe - 特征码 'Trojan-Dropper.Win32.Agent.ane' 被发现
C:\ABC\08124\ztmpri.dll - 特征码 'Generic.Dld.Agent' 被发现

        21 文件被扫描
          (0 压缩档 0 文件)
        19 特征码被侦测
        0 可疑代码段被发现
        耗时: 0:00.344
liaoying112
Posted on 2007-8-13 10:44:21

Rising Antivirus 2007

liaoying112
Posted on 2007-8-13 11:47:26
After I reported them, Rising said they are all viruses, and said several were already detected by version 19.34.12, but 19.35.62 still can't detect them. Could it be they have been made undetectable? Rising versus anti-detection.....
残缺的唯美
Posted on 2007-8-13 11:51:30
费尔 (Filseclab): 16
Copyright © KaFan  KaFan.cn All Rights Reserved.