过卡巴的鸽子

显示全部楼层 · 发表于 2007-5-27 14:28:35

detected: Trojan program Backdoor.Win32.Hupigon.wi URL: http://bbs.kafan.cn/attachment.php?aid=76651//G_07.exe
真幽默

显示全部楼层 · 发表于 2007-5-27 14:32:39

原帖由 红心王子 于 2007-5-27 13:19 发表
探测到: 木马程序 Backdoor.Win32.Hupigon.wi 文件: C:\Documents and Settings\Administrator\桌面\G_07.rar/G_07.exe
并没有过啊
卡巴7报了

是啊，不能过卡巴7

显示全部楼层 · 发表于 2007-5-27 15:00:31

卡6报
已检测到: 木马程序 Backdoor.Win32.Hupigon.wi URL: http:/bbs.kafan.cn/attachment.php?aid=76651/G_07.exe

显示全部楼层 · 发表于 2007-5-27 17:47:09

被熊猫抓到,HOHO,,

显示全部楼层 · 发表于 2007-5-27 18:34:53

小红伞居然没报诶

显示全部楼层 · 发表于 2007-5-27 18:46:25

惨了，NOD没反应，风云防火墙也连屁都不放一个，这个鸽子怎么跟B2轰炸机似的没影了，贴出报告，高手看下。

2007-05-27,18:32:20
System Repair Engineer 2.4.12.806
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [(Verified)"ESET, spol. s r.o."]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<FY_FireWall><C:\Program Files\FengYun\FYFireWall.exe> [[url]www.218.cc[/url]]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<mspspabsp><C:\WINDOWS\system32\mspspabsp.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\UserInit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Disabled]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Shadow System Service / ShadowSystemService][Stopped/Manual Start]
<C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>
[SRS Labs License Service / SRS Labs License Service][Stopped/Disabled]
<"C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe"><N/A>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Stopped/Manual Start]
<><N/A>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[AMON / AMON][Running/Auto Start]
<\SystemRoot\system32\drivers\amon.sys><Eset>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[FYTdifltDrv / FYTdifltDrv][Running/System Start]
<\??\C:\Program Files\FengYun\FYTdiDrv.sys><N/A>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MegaIDE / MegaIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[nod32drv / nod32drv][Running/System Start]
<\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PauseDrv / PauseDrv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SRS Labs Audio Sandbox (WDM) / SRS_SSCFilter][Running/Manual Start]
<system32\drivers\srs_sscfilter.sys><>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
==================================
浏览器加载项
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[PeerDraw 类]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <F:\360safe\live.dll, 360safe.COM>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control]
{B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[&使用迅雷下载]
<F:\软件\软件1\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<F:\软件\软件1\Thunder\Program\getallurl.htm, N/A>
==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1740][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msuadosat.dll] [Microsoft Corporation, 6.0.2900.2802]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, ]
[C:\Program Files\Eset\nodshex.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [[url]www.218.cc[/url], 1.2.3.75]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\shadow\pDeskTop.dll] [N/A, ]
[C:\WINDOWS\system32\faxshell.dll] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
[PID: 1824][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, ]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [[url]www.218.cc[/url], 1.2.3.75]
[PID: 1840][C:\Program Files\FengYun\FYFireWall.exe] [[url]www.218.cc[/url], 1.2.5.1755]
[C:\Program Files\FengYun\arpinfo.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [[url]www.218.cc[/url], 1.2.3.75]
[PID: 1856][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\FengYun\fymon.dll] [[url]www.218.cc[/url], 1.2.3.75]
[PID: 284][C:\WINDOWS\system32\shadow\ShadowTip.exe] [PowerShadow, 1, 0, 0, 1]
[C:\WINDOWS\system32\shadow\pDeskTop.dll] [N/A, ]
[C:\Program Files\FengYun\fymon.dll] [[url]www.218.cc[/url], 1.2.3.75]
[PID: 228][F:\软件\软件2\安全\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\FengYun\fymon.dll] [[url]www.218.cc[/url], 1.2.3.75]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

复制代码

显示全部楼层 · 发表于 2007-5-28 16:46:24

木马名称:Backdoor.Win32.Huigezi.stg
程序:
I:\TEST\070527\16\G_07\G_07.EXE
是木马程序!
已成功阻止其运行,是否要删除此文件?

显示全部楼层 · 发表于 2007-5-28 16:54:02

卡巴6.0
已删除: 木马程序 Backdoor.Win32.Hupigon.wi 文件: C:\Documents and Settings\桌面\G_07.rar/G_07.exe

[病毒样本] 过卡巴的鸽子

微点报已知