
[Virus sample] The client required for getting online at school; every antivirus flags it (requesting analysis)

ll47548205
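Posted on 2009-6-14 16:22:23
This is the client that must be used to get online at school. It was developed by Nanjing Normal University, and apparently all universities in Jiangsu can only use this to get online. But every antivirus flags it; even 360 updated to the latest version flags it, so evidently this thing is a trojan (we have to use it even knowing it is a trojan; in the dorm it is the only way to get online).
Could anyone analyze it and tell me what harm it could do to my computer?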

coolwinds
Posted on 2009-6-14 16:28:38
The school's internet client? Is it H3C's inode? I use xclient in place of the school's inode
http://www.coolwinds.cn/article/free/109.htm
sam.to
Posted on 2009-6-14 16:33:55
14/6/2009 16:33:30        Detected: Backdoor.Win32.Delf.nnj        C:\Documents and Settings\kato\桌面\客户端\客户端.exe/data0001               

false alarm?

TO KL
fatezero
Posted on 2009-6-14 17:22:14
Avira does not flag it
BING126
Posted on 2009-6-14 21:56:22
McAfee miss
yulhun
Posted on 2009-6-14 23:33:06
nod


probably a variant of Win32/Delf trojan
RAR > 客户端.exe probably a variant of Win32/Delf trojan
RAR > 客户端.exe > INNO > setup.data is OK
RAR > 客户端.exe > INNO > files.info is OK
RAR > 客户端.exe > INNO > file0000.bin probably a variant of Win32/Delf trojan
RAR > 客户端.exe > INNO > file0001.bin is OK
RAR > 客户端.exe > INNO > file0002.bin is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Entries.bin is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Strings.txt is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > System.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > InstallOptions.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > ioSpecial.ini is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > modern-wizard.bmp is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > modern-header.bmp is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > nxs.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > NSISdl.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > WpBann.htm is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > nsWeb.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > daemon_mgm.exe is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > NetMonInstaller.exe is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > npf_mgm.exe is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > rpcapd.exe is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > wpcap.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > pthreadVC.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Packet.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > WanPacket.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > npf.sys is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > ExecDos.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Packet.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > npf.sys is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Packet.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > npf.vxd is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > UserInfo.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > Entries.bin is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > Strings.txt is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > InstallOptions.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > ioSpecial.ini is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > modern-wizard.bmp is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > modern-header.bmp is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > ExecDos.dll is OK
RAR > 客户端.exe > INNO > file0002.bin > NSIS > Uninstall.exe > NSIS > UserInfo.dll is OK
RAR > 客户端.exe > INNO > file0003.bin is OK
RAR > 客户端.exe > INNO > file0004.bin is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#ITBITS is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > ::DataSpace/NameList is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > ::DataSpace/Storage/MSCompressed/Transform/List is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > ::DataSpace/Storage/MSCompressed/SpanInfo is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > ::DataSpace/Storage/MSCompressed/ControlData is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > ::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#SYSTEM is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > ::DataSpace/Storage/MSCompressed/Content is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /xp.html is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /peizhi.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /login.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /duankai.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /exit.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /update.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /status.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /connect.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /network.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /run.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /message.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /uninstall.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /ynjd.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /appendex.htm is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /HELP.hhc is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /HELP.hhk is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup001.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup002.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup003.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup004.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup005.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup006.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup007.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup008.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup009.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup010.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup011.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /setup012.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /use001.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /error.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /status.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /menu.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /connect.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /network.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /run.gif is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /update.bmp is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /update002.bmp is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /update003.bmp is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /update004.bmp is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#WINDOWS is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /$WWKeywordLinks/BTree is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /$WWKeywordLinks/Data is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /$WWKeywordLinks/Map is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /$WWKeywordLinks/Property is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /$WWAssociativeLinks/Property is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /$OBJINST is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /$FIftiMain is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#IDXHDR is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#TOPICS is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#URLTBL is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#URLSTR is OK
RAR > 客户端.exe > INNO > file0004.bin > CHM > /#STRINGS is OK
RAR > 客户端.exe > INNO > file0005.bin is OK
RAR > 客户端.exe > INNO > file0006.bin is OK
RAR > 客户端.exe > INNO > file0007.bin is OK
RAR > 客户端.exe > INNO > file0008.bin is OK
RAR > 客户端.exe > INNO > file0009.bin is OK
RAR > 客户端.exe > INNO > file0010.bin is OK
RAR > 客户端.exe > INNO > file0011.bin is OK
RAR > 客户端.exe > INNO > file0012.bin is OK
RAR > 客户端.exe > INNO > file0013.bin is OK
RAR > 客户端.exe > INNO > file0014.bin is OK
RAR > 客户端.exe > INNO > file0015.bin is OK
RAR > 客户端.exe > INNO > file0016.bin is OK
sam.to
Posted on 2009-6-15 00:53:55
Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.
ll47548205
Original poster | Posted on 2009-6-15 13:48:58
Thanks first to everyone above

Originally posted by coolwinds on 2009-6-14 16:28
The school's internet client? Is it H3C's inode? I use xclient in place of the school's inode
http://www.coolwinds.cn/article/free/109.htm

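That client does not work at our school; only the one I posted can be used.

Some antivirus products may not flag this installer package, but they will definitely flag it during installation. When we installed it in the dorm, we all had to turn off our antivirus before it would install. Usually what gets flagged is the main file of the software after installation.

Many thanks to the moderator for providing this.

Many of my classmates use NOD 3.0, and it raises an alert during the client's installation. A while ago I used McAfee Enterprise 8.5i and it flagged it too. I don't know whether Avira flags it during the client's installation, but after the installation finishes it flags one of the installed files. Now even 360, updated to the latest version, flags it (after the client is installed).

Although I know this thing is no good, it is still the only thing we can use to get online at school. I don't know what harm it might do.

[ Last edited by ll47548205 on 2009-6-15 13:52 ]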
llydmissile
Posted on 2009-6-15 14:05:30

Reply to post #9 by ll47548205

Upload the client's main file