给大家一个病毒玩玩

worker321

杀毒软件几乎全军覆没！！

sfdx

BD报了后门，一解压就报……

pingpaiji

人浪流涯天

http://hi.baidu.com/renlangliu/b ... 84cbd69123d99a.html

测试了，ＢＤ为啥报后门？

Nblock

kill

Backdoor.genus is found
Trojan horse program generates files as below:
1) C:\WINDOWS\SYSTEM32\WINFX32.EXE


2007-05-29 10:39:19 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ WINDOWS SERVICE AGENT  
2007-05-29 10:39:19 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES\ WINDOWS SERVICE AGENT

playx

原帖由 人浪流涯天 于 2007-5-29 01:02 发表
http://hi.baidu.com/renlangliu/blog/item/d73ed9805484cbd69123d99a.html

测试了，ＢＤ为啥报后门？

高手…看你的文章是种享受

playx

上报给铁壳却回复已有入库,但我却杀不了,是程序不完整还是我的杀软有问题...

http://www.symantec.com/security ... 013-5943-99&tabid=3

filename:  winfx32.rar
machine: Machine
result: See the developer notes

filename: winfx32.exe
machine: Machine
result: This file is detected as W32.Spybot.Worm.
http://www.symantec.com/avcenter/venc/data/w32.spybot.worm.html

Developer notes:
winfx32.rar is a container file of type  RAR
winfx32.exe is non-repairable threat. Please delete this file and
replace it if necessary. Please follow the instruction at the end of this
email message to install the latest available definitions.  This file is
contained by   winfx32.rar



Symantec Security Response has determined that the sample(s) that you
provided are infected with a virus, worm, or Trojan. We have created
RapidRelease definitions that will detect this threat. Please follow the
instruction at the end of this email message to download and install the
latest RapidRelease definitions.
Downloading and Installing RapidRelease Definition Instructions:
1. Open your Web browser. If you are using a dial-up connection,
connect to any Web site, such as:  http://securityresponse.symantec.com/
2. Click this link to the ftp site:
ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/symrapidreleasedefsi32.exe.
If it does not go to the site (this could take a minute or so if you
have a slow connection), copy and paste the address into the address bar
of your Web browser and then press Enter.
3. When a download dialog box appears, save the file to the Windows
desktop.
4. Double-click the downloaded file and follow the prompts.

Should you have any questions about your submission, please contact
your regional technical support from the Symantec website and give them
the tracking number in the subject of this message.

-----------------------------------------------------------------------
This message was generated by Symantec Security Response automation.

For USA:
For electronic support options, Symantec provides On-Line Services at
http://www.symantec.com/techsupp/


--------------------------------------------

[ 本帖最后由 playx 于 2007-5-29 19:27 编辑 ]

qqq000@qq.com

----------
              [凝逸反毒] (http://hi.baidu.com/503165656)

       [凝逸.扫描病毒引擎-日志]       2007.5.31 9:48:40

文件:F:\070531\winfx32\winfx32.exe | 感染:BackDoor.IRC.Sdbot.1403 [55>2007_144854_0214.axx]3
操作:删除文件


扫描完成|病毒:1 文件:1|耗时:491
----------

liyukun97065

我的AVG,antivir,mcafee都不报呢,怎么搞的

tracydk

原帖由 playx 于 2007-5-29 19:22 发表
上报给铁壳却回复已有入库,但我却杀不了,是程序不完整还是我的杀软有问题...

http://www.symantec.com/security ... 013-5943-99&tabid=3

filename:  winfx32.rar
machine: Machine
result: See the de ...

怀疑你会不会用铁壳