[Original technical post] [Original] A quick test of the "小狗上学" virus

凝逸反毒
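Posted on 2008-3-30 15:22:52
A new Dalmatian (spotted-dog) virus has appeared. I wanted to write a dedicated removal tool for fun, so I
downloaded samples from several BBSes and found they were all the same. I tested it and found it is not very powerful and cannot spread over the network, so I won't write a removal tool.
I didn't take screenshots, so I'm just posting the analysis as text.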
------------------


Run 小狗上学soleboy.exe

C:\windows\System32\soleboy.exe
C:\soleboy.exe
It creates these copies and runs them, and keeps writing to the registry:
------------
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <soleboy><C:\windows\System32\soleboy.exe>  [Soleboy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACAAS.exe]
    <IFEO[ACAAS.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACAEGMgr.exe]
    <IFEO[ACAEGMgr.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACAIS.exe]
    <IFEO[ACAIS.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACALS.exe]
    <IFEO[ACALS.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACASP.exe]
    <IFEO[ACASP.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACenter.exe]
    <IFEO[ACenter.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AFMain.exe]
    <IFEO[AFMain.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AGB6.EXE]
    <IFEO[AGB6.EXE]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AGBKrnl.exe]
    <IFEO[AGBKrnl.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AhnSD.exe]
    <IFEO[AhnSD.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AhnSDsv.exe]
    <IFEO[AhnSDsv.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe]
    <IFEO[AluSchedulerSvc.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AScheduleService.exe]
    <IFEO[AScheduleService.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe]
    <IFEO[AST.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <IFEO[avgnt.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FilMsg.exe]
    <IFEO[FilMsg.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrameworkService.exe]
    <IFEO[FrameworkService.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVIETools.exe]
    <IFEO[KVIETools.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe]
    <IFEO[kvsrvxp.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
    <IFEO[mcconsol.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe]
    <IFEO[Mcshield.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMain.exe]
    <IFEO[MPMain.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe]
    <IFEO[MPMon.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe]
    <IFEO[MPSVC.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe]
    <IFEO[MPSVC1.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe]
    <IFEO[MPSVC2.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSProxy.ahn]
    <IFEO[MSProxy.ahn]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe]
    <IFEO[naPrdMgr.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
    <IFEO[nod32krn.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <IFEO[nod32kui.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCIOMON.EXE]
    <IFEO[PCCIOMON.EXE]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCVScan.exe]
    <IFEO[PCCVScan.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAIN.EXE]
    <IFEO[PCMAIN.EXE]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PowerRmv.exe]
    <IFEO[PowerRmv.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psview.exe]
    <IFEO[psview.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
    <IFEO[sched.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sessmgr.exe]
    <IFEO[sessmgr.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
    <IFEO[shstat.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SnipeSword.exe]
    <IFEO[SnipeSword.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TRIALMSG.exe]
    <IFEO[TRIALMSG.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Twister.exe]
    <IFEO[Twister.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcn.exe]
    <IFEO[vcn.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcs.exe]
    <IFEO[vcs.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcw.exe]
    <IFEO[vcw.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VsTskMgr.exe]
    <IFEO[VsTskMgr.exe]><C:\windows\System32\soleboy.exe>  [Soleboy]
---------------
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="soleboy.exe"
==========
=============== Changes file associations to soleboy.exe ===================
File associations
.EXE  Error. [soleboy.exe "%1" %*]
.COM  Error. [soleboy.exe "%1" %*]
.REG  OK. [regedit.exe "%1"]
======================
===========
[autorun]
OPEN=soleboy.exe
shell\open=打开(&O)
shell\open\Command=soleboy.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=soleboy.exe
----------


=================
==================
Solution:
Rename 冰刃.EXE (IceSword) to 1.bat
Run it and terminate soleboy.exe
Create a file named 1.reg
and write the following into it:
========================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
======
Run 1.reg
Then open a rar file and use rar to go to each drive and delete *:\soleboy.exe and *:\autorun.inf.
Once those are deleted, everything is fine.






Done.
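A defender-side check for the three registry changes listed in the post above, as an added example that is not part of the original thread: it parses registry export text (.reg format) and reports every IFEO `Debugger` value, Run entries that point at soleboy.exe, and an exefile open command other than the default `"%1" %*`. The sample export is constructed, and the `Debugger` value name and the `exefile\shell\open\command` key are the standard Windows locations, assumed here because the post's log shows them only in abbreviated form.

```python
import re

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
"Debugger"="C:\\windows\\System32\\soleboy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"soleboy"="C:\\windows\\System32\\soleboy.exe"
"ctfmon"="C:\\windows\\System32\\ctfmon.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="soleboy.exe \"%1\" %*"
'''

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUN = r"\microsoft\windows\currentversion\run"
EXE_CMD = r"hkey_classes_root\exefile\shell\open\command"
# Matches string values only: "name"="data" or @="data" (with .reg escaping).
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", s)

def find_hijacks(reg_text, marker="soleboy.exe"):
    """Return (kind, key, value_name, data) tuples for entries worth reviewing."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data, k = unescape(m.group(2)), key.lower()
        if IFEO in k and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key, name, data))  # any Debugger redirect
        elif k.endswith(RUN) and marker in data.lower():
            findings.append(("run-key", key, name, data))
        elif k == EXE_CMD and name == "(Default)" and data.strip() != '"%1" %*':
            findings.append(("exefile-assoc", key, name, data))
    return findings
```

Reviewing the reported entries one by one leaves the unrelated values under the Run and Image File Execution Options keys in place.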
小木鸡
Posted on 2008-3-30 15:26:27
I wrote the 小狗上学 virus
凝逸反毒
Original poster | Posted on 2008-3-30 15:33:52
Originally posted by chenzhan on 2008-3-30 15:26
I wrote the 小狗上学 virus

Why didn't you hijack 凝逸反毒's nyfd.exe as well?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nyfd.exe]
    <IFEO[nyfd..exe]><C:\windows\System32\soleboy.exe>  [Soleboy]


小木鸡
Posted on 2008-3-30 15:35:33
Just kidding, I didn't write it.

Can a tabbed browser be written in 易语言 (Easy Programming Language)?
凝逸反毒
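Original poster | Posted on 2008-3-30 15:43:25
易语言 can be used to write this 小狗上学.
I have seen the source code of the 易语言 version of Panda.
It is very simple, just a few dozen lines of commands.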
花月
Posted on 2008-4-3 16:55:27
You are all experts; I only know how to remove viruses, not how to make them.
天堂之门
Posted on 2008-4-3 17:00:03

Experts, experts.

Copyright © KaFan  KaFan.cn All Rights Reserved.
