有hips的来测下，这到底是什么东东？

capsshift

等红伞更新了再看。

luckyjoy

原帖由 挪威的冬天 于 2008-2-25 22:40 发表
为啥觉得很勉强呢

信息        2008-02-25  22:40:16        您此次查毒共查出1个病毒以及危险代码                        
信息        2008-02-25  22:40:16        您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件2个                        
信息        2008-02-25  22:40:16        金山 ...

因为那个链接的网址是公司的服务器

28654621

D:\download\ADExpire.rar>>ADExpire.exe        Backdoor.CAK.a.yhar.for        后门        还未处理

sharkkong

原帖由 wangjay1980 于 2008-2-25 21:03 发表
联网卡巴怎么会无视呢

因为我用的是 KAV

wangjay1980

Hello,

ADExpire.exe_

No malicious code was found in this file.

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: ADExpire.rar

jhlzh

费尔报后门程序。

挪威的冬天

不知道你怎么上报的  是 up.毒霸.net ?

qcqyt

生成文件718765.vbs于C:\Documents and Settings\当前用户\Local Settings\Temp

内容如下:

Dim dtmValue, intTimeInterval, intMaxPwdAge, Silent, Silent1, Silent2
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const ADS_SCOPE_SUBTREE = 2

On Error Resume Next

Set objArgs = Wscript.Arguments
Silent = 100
Silent1 = 14
If objArgs.Count > 0 Then
   If objArgs(0) > 0 Then
      Silent = objArgs(0)*1000
   End If
End If
If objArgs.Count > 1 Then
   If objArgs(1) > 0 Then
      Silent1 = objArgs(1)*1
   End If
End If
If objArgs.Count > 2 Then
   If objArgs(2) = "E" Or objArgs(2) = "e" Then
      Silent2 = "E"
   End If
End If

WScript.sleep Silent

Set WshNetwork = WScript.CreateObject("WScript.Network")
duname = WshNetwork.UserName

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 10
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
   "SELECT AdsPath FROM 'LDAP://sgsingmeyad03.pacrim.ey.net/ou=CN,dc=pacrim,dc=ey,dc=net' WHERE sAMAccountName='" & duname & "'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Set objUser = GetObject(objRecordSet.Fields("AdsPath").Value)

dtmValue = objUser.PasswordLastChanged
intTimeInterval = int(now - dtmValue)
intMaxPwdAge = 90

If dtmValue = 0 Then
   If Silent2 = "E"  Then
      MsgBox "Error, can't contact AD.", vbOKOnly+vbExclamation, "AD Password Expire Checking"
   End If
  WScript.Quit
Else

intCurrentValue = objUser.Get("userAccountControl")
If intCurrentValue And ADS_UF_DONT_EXPIRE_PASSWD Then
'  MsgBox "The password does not expire.", vbOKOnly, "Info"
  WScript.Quit
Else

If intTimeInterval > intMaxPwdAge Then
  MsgBox "Your Domain password has been expired. Please contact ITSS department.", vbOKOnly+vbExclamation, "AD Password Expired"
Else

If (intMaxPwdAge - intTimeInterval) =< Silent1 Then
  MsgBox "Your Domain password will expire in " & int((dtmValue + intMaxPwdAge) - now + 1) & " day(s). Please reset your password by pressing alt+ctrl+del and clicking on " & CHR(34) & "Change Password Button" & CHR(34)& ".", vbOKOnly+vbExclamation, "AD Password Expired"

End If
End If
End If
End If

luckyjoy

原帖由 挪威的冬天 于 2008-2-26 11:49 发表
不知道你怎么上报的  是 up.毒霸.net ?

是论坛交流给毒霸的

qigang

rising20.33.12未杀！