有谁知道systemss.exe是什么病毒

显示全部楼层 · 发表于 2008-10-18 20:01:15

刚把U盘放到电脑里，看到了这个文件，有谁知道systemss.exe是什么病毒，帮忙分析下
病毒样本网址http://zhuyuehua.260vip.cn/systemss.rar
由于论坛只能发48KB的，把病毒放到网站了

显示全部楼层 · 发表于 2008-10-18 20:06:02

.......没运行瑞星报的是后门木马

显示全部楼层 · 发表于 2008-10-18 20:06:15

鸽子好像
*:\autorun.inf
*:\systemss.exe
c:\windows\system32\_systemss.exe
c:\program files\Common Files\Microsoft Shared\MSINFO\systemss.exe

显示全部楼层 · 发表于 2008-10-18 20:10:11

不对吧应该可以发512KB的

显示全部楼层 · 发表于 2008-10-18 20:10:52

带autorun感染功能的上兴后门

显示全部楼层 · 发表于 2008-10-18 20:13:29

a-squared 4.0.0.16 2008.10.17 2008-10-17 - 2.132
AntiVir 7.9.0.5 7.0.7.58 2008-10-17 BDS/Backdoor.Gen 2.583
Arcavir 1.0.5 200810171137 2008-10-17 - 1.225
Authentium 5.1.1 200810150216 2008-10-15 W32/Hupigon.D.gen!Eldorado (Possible) 1.046
AVAST! 3.0.1 081015-0 2008-10-15 Win32:Rootkit-gen [Rtk] 0.714
AVG 7.5.52.442 270.8.1/1731 2008-10-17 - 1.680
BitDefender 7.60825.1892018 7.21320 2008-10-18 - 0.000
CA (VET) 9.0.0.143 31.6.6154 2008-10-17 - 0.000
ClamAV 0.94 8442 2008-10-18 - 0.000
Comodo 2.11 2.0.0.679 2008-10-17 - 0.000
CP Secure 1.1.0.715 2008.10.18 2008-10-18 - 0.000
Dr.Web 4.44.0.9170 2008.10.18 2008-10-18 - 0.000
ewido 4.0.0.2 2008.10.18 2008-10-18 - 0.000
F-Prot 4.4.4.56 20081017 2008-10-17 - 0.000
F-Secure 5.51.6100 2008.10.18.01 2008-10-18 - 0.000
GData 19.1058/19.65 20081016 2008-10-16 - 0.000
Ikarus T3.1.01.44 2008.10.17.71671 2008-10-17 - 0.000
Microsoft 1.4005 2008.10.18 2008-10-18 - 0.000
mks_vir 2.01 2008.10.17 2008-10-17 - 0.000
Norman 5.93.01 5.93.00 2008-10-17 - 0.000
nProtect 2008-10-17.00 2255828 2008-10-17 - 0.000
Quick Heal 9.50 2008.10.18 2008-10-18 - 0.000
Sophos 2.79.0 4.34 2008-10-18 - 0.000
Sunbelt 3.1.1732.1 2323 2008-10-17 - 0.000
The Hacker 6.3.1.0 v00118 2008-10-17 - 0.000
VBA32 3.12.8.7 20081017.1313 2008-10-17 - 0.000
ViRobot 20081016 2008.10.16 2008-10-16 - 0.000
VirusBuster 4.5.11.10 10.90.5/651677 2008-10-17 - 0.000
卡巴斯基 5.5.10 2008.10.18 2008-10-18 - 0.000
安博士V3 2008.10.18.00 2008.10.18 2008-10-18 - 0.984
安天 2.0.18 20081016.1488960 2008-10-16 - 0.120
江民杀毒 11.0.706 2008.10.18 2008-10-18 - 0.000
熊猫卫士 9.05.01 2008.10.18 2008-10-18 - 0.000
瑞星 20.0 20.66.32.00 2008-10-16 - 0.000
赛门铁克 1.3.0.24 20081017.003 2008-10-17 - 0.000
趋势科技 8.700-1004 5.606.28 2008-10-17 - 0.000
迈克菲 5.3.00 5408 2008-10-17 - 0.000
金山毒霸 2008.9.8.18 2008.10.18.15 2008-10-18 - 0.000
飞塔 2.81-3.113 9.649 2008-10-17 - 0.000

显示全部楼层 · 发表于 2008-10-18 20:14:14

Antivirus Version Last Update Result
AhnLab-V3 2008.10.18.0 2008.10.18 -
AntiVir 7.9.0.5 2008.10.17 BDS/Backdoor.Gen
Authentium 5.1.0.4 2008.10.18 W32/Hupigon.D.gen!Eldorado
Avast 4.8.1248.0 2008.10.15 Win32:Rootkit-gen
AVG 8.0.0.161 2008.10.17 Win32/Heur
BitDefender 7.2 2008.10.18 -
CAT-QuickHeal 9.50 2008.10.18 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.10.18 -
DrWeb 4.44.0.09170 2008.10.18 -
eSafe 7.0.17.0 2008.10.16 Suspicious File
eTrust-Vet 31.6.6154 2008.10.17 -
Ewido 4.0 2008.10.18 -
F-Prot 4.4.4.56 2008.10.17 W32/Hupigon.D.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.18 -
Fortinet 3.113.0.0 2008.10.17 -
GData 19 2008.10.18 Win32:Rootkit-gen
Ikarus T3.1.1.44.0 2008.10.18 Backdoor.Hupigon
K7AntiVirus 7.10.498 2008.10.18 -
Kaspersky 7.0.0.125 2008.10.18 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.18 -
NOD32 3534 2008.10.18 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.18 Suspicious file
PCTools 4.4.2.0 2008.10.18 -
Prevx1 V2 2008.10.18 -
Rising 20.66.52.00 2008.10.18 Backdoor.Win32.RemoteABC.fcb
SecureWeb-Gateway 6.7.6 2008.10.18 Trojan.Backdoor.Backdoor.Gen
Sophos 4.34.0 2008.10.18 Mal/Emogen-N
Sunbelt 3.1.1732.1 2008.10.18 VIPRE.Suspicious
Symantec 10 2008.10.18 -
TheHacker 6.3.1.0.118 2008.10.17 -
TrendMicro 8.700.0.1004 2008.10.17 Possible_HPGN-1
VBA32 3.12.8.7 2008.10.17 -
ViRobot 2008.10.18.1426 2008.10.18 -
VirusBuster 4.5.11.0 2008.10.17 -
Additional information
File size: 365825 bytes
MD5...: 10224389d71cc5a9725850ff6a997c18
SHA1..: 3ae7f444a03c6d26135d52b103b515facd44acea
SHA256: 74f99c4533979e8de4f395e82e2e7134f978ef681a2ce7d09bf7b8ec1c6234a2
SHA512: 96ac5e73c471d626cd282f4b76a994a3bbc86e161156feebf188858f59c1438e
a3d38d91fedc35d3bc506d4474ac373b05717a3f3d9122a73d8812b09330fdc7
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (F-Prot): UPX_LZMA
packers (Authentium): UPX_LZMA

显示全部楼层 · 发表于 2008-10-18 20:16:24

Starting the file scan:

Begin scan in 'C:\Users\TOSHIBA\Downloads\systemss.rar'
C:\Users\TOSHIBA\Downloads\systemss.rar
[0] Archive type: RAR
--> ￐ￂﾽﾨￎￄﾼﾼ￐\systemss.exe
   [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[NOTE]    A backup was created as '496cd3ee.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

显示全部楼层 · 发表于 2008-10-18 20:20:52

楼主的处女贴发这里了，不易啊

下来试试

显示全部楼层 · 发表于 2008-10-18 20:26:45

为什么我不能发300多K的东西啊？？？？伤心

[病毒样本] 有谁知道systemss.exe是什么病毒

回复 1楼 liulanghan 的帖子

回复 3楼 qianwenxiang 的帖子

本帖子中包含更多资源