质量不好(据说过HIPS)

eubyo

过不了HIPS
应用控制日志,2007-10-19 19:42:10.140,"已阻止应用程序 'server.exe' 改写文件, C:\WINDOWS\system32\NTboot32.dll"
应用控制日志,2007-10-19 19:42:03.265,"已阻止应用程序 'server.exe' 改写注册表, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"
应用控制日志,2007-10-19 19:41:59.203,"已阻止应用程序 'server.exe' 改写文件, C:\WINDOWS\system32\NTboot.exe"
应用控制日志,2007-10-19 19:41:59.203,"已阻止应用程序 'server.exe' 改写文件, C:\WINDOWS\system32\NTboot.exe"

BING126

探测到: 木马程序 Backdoor.Win32.Visel.w        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹.rar/Serve1.exe//PE_Patch.FakeNinja
探测到: 木马程序 Backdoor.Win32.Visel.w        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹.rar/Serve2.exe//PE_Patch.FakeNinja
探测到: 木马程序 Backdoor.Win32.Visel.w        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹.rar/Serve3.exe
探测到: 木马程序 Backdoor.Win32.Visel.w        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹.rar/Server.exe//NPack
探测到: 木马程序 Backdoor.Win32.Visel.w        文件: C:\Documents and Settings\Administrator\桌面\新建文件夹.rar/qq.exe

Nblock

bypass卡巴主动防御 有卡巴的上     过不了微点

mox

Serve1.exe;BackDoor.Byshell;;
Serve2.exe;Probably DLOADER.Trojan;;
Serve2.exe;BackDoor.Byshell;;
Serve3.exe;Probably DLOADER.Trojan;;
Serve3.exe;BackDoor.Byshell;;
Server.exe;Probably DLOADER.Trojan;;
Server.exe;BackDoor.Byshell;;
qq.exe;Probably DLOADER.Trojan;;
qq.exe;BackDoor.Byshell;;

过不了SSM

残缺的唯美

Result: 5 malware found
Backdoor.Win32.Visel.w (virus)
C:\Users\Administrator\Desktop\н¨Îļþ¼Ð.rar\Serve1.exe
C:\Users\Administrator\Desktop\н¨Îļþ¼Ð.rar\Serve2.exe
C:\Users\Administrator\Desktop\н¨Îļþ¼Ð.rar\Serve3.exe
C:\Users\Administrator\Desktop\н¨Îļþ¼Ð.rar\Server.exe
C:\Users\Administrator\Desktop\н¨Îļþ¼Ð.rar\qq.exe

疯子的枫子

我用norton扫描
没发现病毒

uhthn2002

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 647
Paranoia Database - 48016
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder (2)

C:\Documents and Settings\uhthn\Desktop\New Folder (2)\Serve1.exe - Suspected Trojan-Downloader.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\Serve2.exe - Suspected Trojan-Downloader.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\Serve3.exe - Suspected Trojan-Downloader.Agent.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\Server.exe - OK
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\qq.exe - Suspected Trojan-Downloader.Agent.1

5 Files scanned
0 Infected files found
4 Suspected files found
0 Files cured
0 Files deleted

浪滔天

卡巴
运行蓝屏。。。。。。

a256886572008

NTBoot.log的結構

PM 09:34:44 : 创建隐藏窗体成功
PM 09:35:08 : 复制 Loader 至 system32 目录成功
PM 09:35:12 : 没有检测到 avp.exe 卡巴斯基进程，无需加载 bypass 驱动
PM 09:35:12 : 准备安装 DelayLoadPM 09:35:23 : DelayLoad 注册表键值安装完毕
PM 09:35:32 : 创建服务端 DLL 成功
PM 09:35:33 : 加载服务端 DLL 成功
PM 09:35:33 : LoadLibrary成功，等待Loader启动主函数
PM 09:35:33 : 创建工作线程成功，选择注入进程：svchost.exe
PM 09:35:33 : Loader 通知 DLL 注入 svchost.exe
PM 09:35:38 : 提升进程权限成功
PM 09:35:39 : Loader 自删除

[ 本帖最后由 a256886572008 于 2007-10-20 21:53 编辑 ]

wangjay1980

detected: Trojan program Backdoor.Win32.Visel.w        File: C:\Documents and Settings\Owner\×ÀÃæ\н¨Îļþ¼Ð.rar/Serve1.exe//PE_Patch.FakeNinja
detected: Trojan program Backdoor.Win32.Visel.w        File: C:\Documents and Settings\Owner\×ÀÃæ\н¨Îļþ¼Ð.rar/Serve2.exe//PE_Patch.FakeNinja
detected: Trojan program Backdoor.Win32.Visel.w        File: C:\Documents and Settings\Owner\×ÀÃæ\н¨Îļþ¼Ð.rar/Serve3.exe
detected: Trojan program Backdoor.Win32.Visel.w        File: C:\Documents and Settings\Owner\×ÀÃæ\н¨Îļþ¼Ð.rar/Server.exe//NPack
detected: Trojan program Backdoor.Win32.Visel.w        File: C:\Documents and Settings\Owner\×ÀÃæ\н¨Îļþ¼Ð.rar/qq.exe