Views: 4345 | Replies: 23

[Virus sample] Pigeon

sdbsky
Posted 2007-4-21 19:41:33
.........................................

(This post contains attachments.)
promised
Posted 2007-4-21 19:42:27
Not in the mood for pigeon anymore.
Sick of eating it.
tracydk
Posted 2007-4-21 19:42:51
Quote from sdbsky, posted 2007-4-21 19:41:
.........................................

Killed it.

(This post contains attachments.)
The EQs
Posted 2007-4-21 19:43:20
Scan performed at: 2007-4-21 19:43:33
Scanning Log
NOD32 version 2208 (20070421) NT
Command line: C:\Documents and Settings\EQ2\桌面\gezi1.rar
Operating memory - is OK

Date: 21.4.2007  Time: 19:43:38
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\gezi1.rar
C:\Documents and Settings\EQ2\桌面\gezi1.rar »RAR »gezi1.exe - Win32/Hupigon.EQE trojan - was a part of the deleted object
Number of scanned files: 2
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 19:43:39 Total scanning time: 1 sec (00:00:01)
dyw1021
Posted 2007-4-21 19:45:31
费尔 (Filseclab) ate both of them! ~~~~
KAV-Longhorn
Posted 2007-4-21 19:47:08
Kaspersky 621 let it through; the Dr.Web BETA and Avira both flagged it.
tonyyu2008
Posted 2007-4-21 20:06:13
PCC KILL: BKDR_HUPIGON.CVT

Malware type: Backdoor
Aliases: No Alias Found
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Encrypted: No
Overall risk rating: Low
Reported infections: Low
Damage potential: High
Distribution potential: Low
Minimum scan engine version: 8.000
Pattern file needed: 4.426.08
Pattern release date: Apr 20, 2007
Memory resident: Yes
Malware size: 291,840 Bytes (compressed .EXE file); 591,360 Bytes (compressed .DLL file)

Details:

This backdoor may arrive as a file dropped or downloaded by other malware.

Upon execution, it drops the following files in the Windows folder:

G_SERVER2007.EXE - copy of itself
G_SERVER2007.DLL - also detected by Trend Micro as BKDR_HUPIGON.CVT

On Windows NT-based systems (Windows NT, 2000, XP, and Server 2003), it registers itself as a service to ensure its automatic execution at every system startup. It does this by adding the following registry key and entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\ServerGrayPigeon2007
ImagePath = "%Windows%\G_SERVER2007.EXE"

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

On Windows 98 and ME, it creates the following registry entry to ensure its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
G_Server2007.exe = "%Windows%\G_SERVER2007.EXE"

It opens random ports to allow a remote malicious user to connect to the affected system. Once a successful connection is established, it allows the remote malicious user to issue the following commands locally, effectively compromising the affected system:

Create files in any folder
Create registry entries
Download files from the Internet
Log keystrokes
Retrieve disk status
Start and terminate services and processes

This backdoor comes with its own compression. It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

These all count as new malware.

Sample first received: Mar 18, 2007

Computers infected since April 8, 2007
Asia                        93
North America               17
Europe                       3
Africa                       0
South America                0
Australia and New Zealand    0
Total                      113
Top 10 countries
China          76
Taiwan         15
United States  15
Denmark         3
Canada          2
Thailand        1
Hong Kong       1

[ Last edited by tonyyu2008 on 2007-4-21 20:08 ]
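The persistence indicators in the Trend Micro writeup quoted above (the ServerGrayPigeon2007 service key with its ImagePath, and the G_Server2007.exe entry under the HKCU Run key) are the kind of thing a responder checks against a registry export from a suspect host. The Python below is an added example, not Trend Micro's or the forum's code: it parses `.reg` export text (the minimal subset needed here) and reports entries that match those indicators. The `.reg` text it parses is constructed for the demo, not a real capture.

```python
"""Triage a Windows .reg export for the Hupigon/Gray Pigeon persistence
indicators described in the post above.  Added example; the sample .reg
text is constructed, not captured from a real host."""
import re

# Indicators taken from the writeup: persistence key paths and dropped file names.
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServerGrayPigeon2007"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
DROPPED_FILES = {"g_server2007.exe", "g_server2007.dll"}

# Constructed sample of what `reg export` output might look like on a host
# showing the behaviour described (the ctfmon.exe entry is benign padding).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServerGrayPigeon2007]
"Type"=dword:00000110
"Start"=dword:00000002
"ImagePath"="C:\\WINDOWS\\G_SERVER2007.EXE"
"DisplayName"="ServerGrayPigeon2007"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"G_Server2007.exe"="C:\\WINDOWS\\G_SERVER2007.EXE"
'''


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}}.
    Quoted string data is un-escaped; dword/hex data is kept as the raw token."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # new key section
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]*)"=(.*)$', line)   # "name"=data
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")   # .reg doubles backslashes
            keys[current][name] = data
    return keys


def find_indicators(keys):
    """Return a list of (key, value_name, data) tuples matching the page's IoCs.
    Key comparison is case-insensitive, as the registry itself is."""
    hits = []
    for key, values in keys.items():
        if key.lower() == SERVICE_KEY.lower():
            hits.append((key, "ImagePath", values.get("ImagePath", "")))
        if key.lower() == RUN_KEY.lower():
            for name, data in values.items():
                basename = data.rsplit("\\", 1)[-1].lower()
                if name.lower() in DROPPED_FILES or basename in DROPPED_FILES:
                    hits.append((key, name, data))
    return hits


def triage(text):
    """Convenience wrapper: parse a .reg export and return matching indicators."""
    return find_indicators(parse_reg(text))


if __name__ == "__main__":
    for key, name, data in triage(SAMPLE_REG):
        print(f"[!] {key}\n    {name} = {data}")
```

On a live machine the input would come from `reg export` of the Services and Run keys rather than the embedded string; the matching logic is the same. Matching the Run entry on the file basename as well as the value name catches the case where the entry was renamed but still points at the dropped executable.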
tony3322
Posted 2007-4-21 20:26:27
Why didn't my Avira flag it?
And it's the S edition, too.
tracydk
Posted 2007-4-21 20:41:02
Quote from tony3322, posted 2007-4-21 20:26:
Why didn't my Avira flag it?
And it's the S edition, too.

The S edition is the server edition???
The EQs
Posted 2007-4-21 20:45:15
[ file data ]
* name: gezi1.rar
* size: 281962
* md5.: 9f7efe96ebb0604b8eed257e947804cc
* sha1: 5873192f039073123ced8331bd1f05c552d8f80f

[ scan result ]
AhnLab-V3      2007.4.21.0/20070420    found nothing
AntiVir 7.3.1.53/20070420       found [BDS/Hupigon.GB.5]
Authentium      4.93.8/20070420 found [could be a corrupted executable file]
Avast   4.7.981.0/20070421      found [Win32:Hupigon-AMA]
AVG     7.5.0.464/20070420      found nothing
BitDefender     7.2/20070421    found [GenPack:Backdoor.GrayBird.KJ]
CAT-QuickHeal   9.00/20070421   found nothing
ClamAV  devel-20070416/20070421 found [Trojan.Hupigon-2068]
DrWeb   4.33/20070421   found [BackDoor.Pigeon.1559]
eSafe   7.0.15.0/20070419       found [Suspicious Trojan/Worm]
eTrust-Vet      30.7.3585/20070421      found nothing
Ewido   4.0/20070420    found [Backdoor.Hupigon]
F-Prot  4.3.2.48/20070420       found nothing
F-Secure        6.70.13030.0/20070421   found nothing
FileAdvisor     1/20070421      found nothing
Fortinet        2.85.0.0/20070421       found [suspicious]
Ikarus  T3.1.1.5/20070421       found nothing
Kaspersky       4.0.2.24/20070421       found nothing
McAfee  5014/20070420   found [New Malware.by]
Microsoft       1.2405/20070421 found [TrojanDropper:Win32/Hupigon.gen]
NOD32v2 2208/20070421   found [Win32/Hupigon.EQE]
Norman  5.80.02/20070420        found nothing
Panda   9.0.0.4/20070421        found nothing
Prevx1  V2/20070421     found nothing
Sophos  4.16.0/20070420 found nothing
Sunbelt 2.2.907.0/20070419      found [VIPRE.Suspicious]
Symantec        10/20070421     found nothing
TheHacker       6.1.6.095/20070415      found nothing
VBA32   3.11.4/20070421 found [Backdoor.Win32.Hupigon.emb]
VirusBuster     4.3.7:9/20070420        found nothing
Webwasher-Gateway       6.0.1/20070421  found [Trojan.GrayBird.EJ.17]

[ notes ]
packers: BINARYRES
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
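A multi-engine report like the one above is easier to read once it is reduced to a detection count, a list of heuristic-only verdicts, and a consensus family name across vendors. The Python below is an added example, not the forum's or the scanning service's code: it parses report lines of the form `Engine version/sigdate found [label]` and derives those three things. The sample lines are copied from the post (a subset), and the list of "generic" words used to strip class names from vendor labels is my own assumption.

```python
"""Summarise a multi-engine scan report of the kind quoted in the post above.
Added example; the sample report is a subset of the lines in the post."""
import re
from collections import Counter

SAMPLE_REPORT = """\
AhnLab-V3      2007.4.21.0/20070420    found nothing
AntiVir 7.3.1.53/20070420       found [BDS/Hupigon.GB.5]
Authentium      4.93.8/20070420 found [could be a corrupted executable file]
Avast   4.7.981.0/20070421      found [Win32:Hupigon-AMA]
BitDefender     7.2/20070421    found [GenPack:Backdoor.GrayBird.KJ]
ClamAV  devel-20070416/20070421 found [Trojan.Hupigon-2068]
DrWeb   4.33/20070421   found [BackDoor.Pigeon.1559]
eSafe   7.0.15.0/20070419       found [Suspicious Trojan/Worm]
Fortinet        2.85.0.0/20070421       found [suspicious]
Kaspersky       4.0.2.24/20070421       found nothing
McAfee  5014/20070420   found [New Malware.by]
Microsoft       1.2405/20070421 found [TrojanDropper:Win32/Hupigon.gen]
NOD32v2 2208/20070421   found [Win32/Hupigon.EQE]
Sunbelt 2.2.907.0/20070419      found [VIPRE.Suspicious]
Symantec        10/20070421     found nothing
VBA32   3.11.4/20070421 found [Backdoor.Win32.Hupigon.emb]
"""

# engine   version/YYYYMMDD   found nothing | found [label]
LINE_RE = re.compile(r"^(\S+)\s+(\S+)/(\d{8})\s+found (?:nothing|\[(.*)\])\s*$")

# Words that name a class, platform or heuristic rather than a family
# (assumed list for this demo; extend as needed).
GENERIC = {"win32", "backdoor", "bds", "trojan", "trojandropper", "gen", "genpack",
           "suspicious", "worm", "new", "malware", "could", "be", "a", "corrupted",
           "executable", "file", "vipre"}
# Labels that signal a heuristic or generic verdict rather than a named signature.
LOW_CONFIDENCE = re.compile(r"suspicious|could be|new malware|generic", re.I)


def parse_report(text):
    """Return one dict per engine line: engine, version, sigdate, label (None = clean)."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip headers, notes, blank lines
        engine, version, sigdate, label = m.groups()
        rows.append({"engine": engine, "version": version,
                     "sigdate": sigdate, "label": label})
    return rows


def family_tokens(label):
    """Split a vendor label into candidate family words: drop generic/class words,
    pure numbers and short variant suffixes such as 'GB', 'AMA' or 'emb'."""
    toks = re.split(r"[^A-Za-z0-9]+", label)
    return [t.lower() for t in toks
            if len(t) > 3 and not t.isdigit() and t.lower() not in GENERIC]


def summarize(text):
    """Detection count, heuristic-only engines and the most-voted family name."""
    rows = parse_report(text)
    detected = [r for r in rows if r["label"] is not None]
    low = [r["engine"] for r in detected if LOW_CONFIDENCE.search(r["label"])]
    votes = Counter(t for r in detected for t in family_tokens(r["label"]))
    consensus = votes.most_common(1)[0][0] if votes else None
    return {"engines": len(rows), "detected": len(detected),
            "low_confidence": low, "consensus_family": consensus,
            "family_votes": dict(votes)}


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['detected']}/{s['engines']} engines flagged the file")
    print("heuristic-only verdicts:", ", ".join(s["low_confidence"]))
    print("family votes:", s["family_votes"])
```

Separating heuristic verdicts ("suspicious", "could be a corrupted executable file", "New Malware") from named signatures matters when reading a report like this: the raw count overstates how many vendors actually recognised the sample, while the family votes show that the engines that did name it agree on Hupigon, with GrayBird and Pigeon as the other vendors' names for the same family.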
卡饭论坛 (KaFan Forum) | Copyright © KaFan  KaFan.cn All Rights Reserved.