u盘传播,一个bat

ldeyw

a-squared	3.0.0.126	2008.03.24	2008-03-24	-	5.445
AntiVir	7.6.0.75	7.0.3.73	2008-03-25	-	6.002
Arcavir	1.0.4	200803251812	2008-03-25	-	4.252
AVAST	1.0.8	080325-0	2008-03-25	Win32:DNSChanger-SL [Trj]	9.321
AVG	7.5.51.442	269.21.8/1343	2008-03-25	Worm/Generic.ETF	6.519
BitDefender	7.60825.1023390	7.18191	2008-03-26	-	6.509
CA (VET)	9.0.0.143	31.3.5643	2008-03-26	-	29.894
ClamAV	0.92	6392	2008-03-25	-	0.049
Comodo	2.11	2.0.0.475	2008-03-25	-	1.862
CP Secure	1.1.0.715	2008.03.26	2008-03-26	-	14.879
Dr.WEB	4.44.0.9170	2008.03.25	2008-03-25	DLOADER.Trojan	8.296
ewido	4.0.0.2	2008.03.25	2008-03-25	-	13.529
F-PROT	4.4.1.52	20080325	2008-03-25	W32/Backdoor2.GJB (exact)	5.072
F-SECURE	5.51.6100	2008.03.25.09	2008-03-25	-	13.578
IKARUS	T3.1.01.20	2008.03.24.70498	2008-03-24	Virus.Win32.DNSChanger.SL	6.336
Microsoft	1.3301	2008.03.25	2008-03-25	-	12.305
MKS_VIR	2.01	2008.03.25	2008-03-25	-	12.612
NORMAN	5.91.10	5.90	2008-03-25	-	27.410
nProtect	2008-03-26.00	1250917	2008-03-26	-	5.523
Prevx	V2	20080326	2008-03-26	-	29.168
QuickHeal	9.00	2008.03.25	2008-03-25	-	3.051
SOPHOS	2.71.3	4.27	2008-03-25	-	11.637
The Hacker	6.2.92	v00255	2008-03-25	Trojan/Small.autorun	2.448
VBA32	3.12.6.3	20080325.2040	2008-03-25	-	3.644
ViRobot	20080325	2008.03.25	2008-03-25	-	1.111
VirusBuster	4.3.19:9	9.123.21/11.0	2008-03-25	-	4.133
卡巴斯基	5.5.10	2008.03.26	2008-03-26	-	22.446
安博士V3	2008.03.26.00	2008.03.26	2008-03-26	-	2.007
江民杀毒	10.00.650	2008.03.25	2008-03-25	Trojan/DiskAutorun.avy	1.787
熊猫卫士	9.04.03.0001	2008.03.25	2008-03-25	-	8.290
瑞星	20.0	20.37.02.00	2008-03-24	-	2.259
赛门铁克	1.3.0.24	20080325.003	2008-03-25	W32.SillyFDC	1.795
趋势	8.500-1001	5.188.02	2008-03-25	Mal_Otorun2	0.059
迈克菲	5.2.00	5258	2008-03-24	-	7.888
金山毒霸	2007.6.20.249	2008.3.26	2008-03-26	-	3.441
飞塔	2.81-3.11	8.887	2008-03-26	-	6.806

顺便一提,nod32和微点预升级都对它没反应,我信赖的三个杀软都被它过了
装上hips运行bat粗略看了一下,在C盘下建立了一个隐藏文件,修改几项注册表,其他就没有动作了.

[ 本帖最后由 ldeyw 于 2008-3-26 13:55 编辑 ]

gaojun7206

Trojan.DiskAutorun.avy.ivfl

深红的雪

这个不是bat，试试改成exe后缀看看

delautorun 它自己说的


另外，红伞不认识

[ 本帖最后由 rappar 于 2008-3-26 19:15 编辑 ]

ldeyw

改了后图标就出现了,而且还很有时尚感

深红的雪

ftp://virus:virus@lighteyes.scu. ... orun/DelAutorun.bat
ftp://virus:virus@lighteyes.scu. ... orun/DelAutorun.ini
很诡异，教育网的？

ldeyw

咬牙运行了,这到底是什么
怎么看起来像一个好人

sanhu35

The scan has been done completely.

      0 Scanning directories
      5 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

傻猪猪米走鸡

D:\firefox download\Autorun.rar > RAR > Autorun.inf - 正常
D:\firefox download\Autorun.rar > RAR > delautorun.bat - 正常
D:\firefox download\Autorun.rar > RAR > delautorun.ini - 正常
D:\firefox download\Autorun.rar:Zone.Identifier - 正常

ldeyw

难道这程序其实是想做个好人,而我却没有给它机会?
难怪Autorun会在右键添加一个"杀毒"的选项.
不过怎么看都不是一个能让人安心的东西.虽然它的自我介绍很让人安心

[ 本帖最后由 ldeyw 于 2008-3-26 16:12 编辑 ]

allinwonderi

-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2008-3-26, 15:02

Scan name: Virus Tester
Path to scan: C:\Documents and Settings\All Users\Documents\Test\|

Normal scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2008-3-26, 20:49:58
---------------------------------------------------------------------


[Found backdoor]         <W32/Backdoor2.GJB (exact, not disinfectable)>        C:\Documents and Settings\All Users\Documents\Test\Autorun.rar->delautorun.bat

---------------------------------------------------------------------
Scan ended:        2008-3-26, 20:49:59
Duration:        0:00:01

Scan result:

Scanned files:                 6
Infected objects:         1
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------

[Warning]        <Could not open file>