[2006
Original by endurer
2006-04-15, 3rd edition: added Rising's reply: manage is Backdoor.Gpigeon.ynj, G_Server.exe is Backdoor.Gpigeon.ykh
2006-04-12, 2nd edition: added Kaspersky's reply: manage and G_Server.exe are both Backdoor.Win32.GrayBird.id
2006-04-12, 1st edition
Last night I was helping a colleague with a computer running Win XP SP1; Rising's automatic scan at startup reported:
IEXPLORE.EXE>>c:/Program Files/Internet Explorer/IEXPLORE.EXE infected with BackDoor.Gpigeon.5.dq, cleaned successfully.
Scanning with HijackThis, the log showed a suspicious service startup item:
O23 - Service: Media Server - Unknown owner - C:/Program.exe (file missing)
Rebooted into Safe Mode, set the system to show all files and folders and not to hide extensions for known file types.
The file C:/Program.exe was not found.
In Control Panel -> System Tools -> Services, I checked the Media Server service and found that the file it actually points to is: C:/Program Files/Common Files/manage
The file manage was created at 2006-04-11 18:07; its size is 242 KB (247,808 bytes).
Found the file C:/Program Files/Common Files/1.22.exe, created at 2006-04-11 18:08; on comparison, this file is identical to manage.
Found the file c:/windows/G_Server.exe, created at 2006-03-22 14:54, size 594 KB (608,335 bytes), using a JPG-format icon, which is quite deceptive.
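Two steps of the triage above can be scripted: working out why HijackThis printed "C:/Program.exe (file missing)" for a service whose real binary sits under Program Files, and confirming that two files (here manage and 1.22.exe) are byte-for-byte identical. The following is an added example written for this page, not code from the post or from HijackThis. It parses an O23 line, expands an unquoted service ImagePath into the executables Windows would try in order (the CreateProcess rule for unquoted paths with spaces, under which "C:\Program Files\Common Files\manage" is tried first as "C:\Program.exe"), and compares files by size and SHA-256. The ImagePath value, the in-memory "disk" and the temporary files are constructed stand-ins; paths are written with backslashes as they appear in the registry.

```python
import hashlib
import os
import re
import tempfile

# Regex for a HijackThis O23 line; the sample below is constructed from the
# entry quoted in the post.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?: \((?P<note>file missing)\))?$"
)

SAMPLE_O23 = "O23 - Service: Media Server - Unknown owner - C:\\Program.exe (file missing)"


def parse_o23(line):
    """Split an O23 entry into service name, owner, displayed path and the
    'file missing' flag. Returns None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "file_missing": m.group("note") is not None,
    }


def unquoted_path_candidates(image_path):
    """Executables Windows tries, in order, for an unquoted ImagePath that
    contains spaces: the command line is cut at each space and '.exe' is
    appended to the prefix (CreateProcess rule). The final candidate is the
    path exactly as written, which is the file the post found on disk.
    A quoted path has exactly one candidate: the quoted string."""
    if image_path.startswith('"'):
        return [image_path.split('"')[1]]
    parts = image_path.split(" ")
    candidates = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    candidates.append(image_path)
    return candidates


def resolve_service_binary(image_path, exists=os.path.exists):
    """Return the first candidate that exists on disk, or None. `exists` can
    be swapped for a lookup over a constructed file list (used in demo())."""
    for cand in unquoted_path_candidates(image_path):
        if exists(cand):
            return cand
    return None


def sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def files_identical(path_a, path_b):
    """Cheap size check first, then a full SHA-256 comparison."""
    if os.path.getsize(path_a) != os.path.getsize(path_b):
        return False
    return sha256_of_file(path_a) == sha256_of_file(path_b)


def demo():
    entry = parse_o23(SAMPLE_O23)
    # Constructed stand-in for the ImagePath the Services applet showed.
    image_path = r"C:\Program Files\Common Files\manage"
    fake_disk = {image_path}  # constructed: only the real binary exists
    resolved = resolve_service_binary(image_path, exists=lambda p: p in fake_disk)
    # Two constructed temp files with identical content, like manage and 1.22.exe.
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "manage"), os.path.join(d, "1.22.exe")
        for p in (a, b):
            with open(p, "wb") as f:
                f.write(b"constructed sample payload" * 100)
        same = files_identical(a, b)
    return entry, unquoted_path_candidates(image_path)[0], resolved, same


if __name__ == "__main__":
    entry, first_try, resolved, same = demo()
    print("O23 entry:", entry)
    print("first path Windows tries:", first_try)
    print("binary actually resolved:", resolved)
    print("manage and 1.22.exe identical:", same)
```

The "(file missing)" note is therefore not proof that the service is dead: HijackThis shows the first path the unquoted command line would try, while the service control manager goes on to the later candidates, which is why the Services applet had to be consulted to find the real file. Comparing by size and hash rather than by name also catches the pattern seen here, where the same binary is dropped twice under different names.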
Server response
Results of a file scan
This is a report processed by VirusTotal on 04/11/2006 at 17:10:19 (CET) after scanning the file "unknown---G_Server.exe.rar" file.
| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.34.0.24 | 04.11.2006 | Heuristic/Crypted.Layered |
| Avast | 4.6.695.0 | 04.03.2006 | no virus found |
| AVG | 386 | 04.11.2006 | no virus found |
| Avira | 6.34.0.56 | 04.11.2006 | no virus found |
| BitDefender | 7.2 | 04.11.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 04.11.2006 | no virus found |
| ClamAV | devel-20060202 | 04.11.2006 | no virus found |
| DrWeb | 4.33 | 04.11.2006 | no virus found |
| eTrust-InoculateIT | 23.71.126 | 04.11.2006 | no virus found |
| eTrust-Vet | 12.4.2158 | 04.11.2006 | no virus found |
| Ewido | 3.5 | 04.11.2006 | no virus found |
| Fortinet | 2.71.0.0 | 04.11.2006 | no virus found |
| F-Prot | 3.16c | 04.11.2006 | no virus found |
| Ikarus | 0.2.59.0 | 04.11.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 04.11.2006 | no virus found |
| McAfee | 4737 | 04.10.2006 | no virus found |
| NOD32v2 | 1.1482 | 04.11.2006 | no virus found |
| Norman | 5.90.15 | 04.11.2006 | no virus found |
| Panda | 9.0.0.4 | 04.11.2006 | Suspicious file |
| Sophos | 4.04.0 | 04.11.2006 | no virus found |
| Symantec | 8.0 | 04.11.2006 | no virus found |
| TheHacker | 5.9.7.128 | 04.11.2006 | no virus found |
| UNA | 1.83 | 04.07.2006 | no virus found |
| VBA32 | 3.10.5 | 04.11.2006 | no virus found |
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Do not reply to this message. It has been generated by an automatic address that will not handle any reply. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.