The stubborn Gray Pigeon: Backdoor.Gpigeon.uql variant, a.k.a. Backdoor.Win32.Hupigon.cda


Original by endurer
2006-08-26, No. 1

On a fellow user's computer, Rising's boot-time scan has kept reporting Backdoor.Gpigeon.uql for the past two days. For example:
/-----------
Virus name | Result | Date found | Path/file | Virus source
Backdoor.Gpigeon.uql | Cleaned successfully | 2006-08-25 08:19 | IEXPLORE.EXE>>C:/Program Files/Internet Explorer/IEXPLORE.EXE | Local machine
-----------/

A scan with HijackThis (downloadable from http://endurer.ys168.com) produced a log full of suspicious entries:

/---------
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R3 - URLSearchHook: (no name) - {BFCD2BAD-DE01-433E-A751-731B77EF84AD} - C:/WINDOWS/system32/Zzwcrh.dll (file missing)
R3 - URLSearchHook: (no name) - {808B6AF8-F101-4AF7-AC49-98D403B16FBA} - C:/WINDOWS/system32/Uhxwtr.dll (file missing)
R3 - URLSearchHook: (no name) - {DB020387-4489-4B9B-AF88-1AF9357CAA18} - C:/WINDOWS/system32/Paiy.dll
R3 - URLSearchHook: (no name) - {E68EF228-54B9-4F82-96F3-55DDBE3855FE} - C:/WINDOWS/system32/Wqonu.dll
R3 - URLSearchHook: (no name) - {8446B2EE-C04C-4C5D-9706-2FFB46E89B62} - C:/WINDOWS/system32/Mihu.dll
R3 - URLSearchHook: (no name) - {59172C14-06B4-40C8-9A95-BC71C73BF5AF} - C:/WINDOWS/system32/Ivaeye.dll (file missing)
R3 - URLSearchHook: (no name) - {EB6E4937-8C1D-4422-A928-A955BF4050A5} - C:/WINDOWS/system32/Gmuseq.dll (file missing)
R3 - URLSearchHook: (no name) - {E238864E-8FC0-4964-A119-8C219FD3FCA5} - C:/WINDOWS/system32/Qgungz.dll (file missing)
R3 - URLSearchHook: (no name) - {9CF077C6-E3CE-435B-B6EF-9ED2308051EA} - C:/WINDOWS/system32/Kmdlim.dll (file missing)
R3 - URLSearchHook: (no name) - {5B83669A-3EF7-4E7D-ACC0-2DE10FAF1D8E} - C:/WINDOWS/system32/Fxai.dll (file missing)
R3 - URLSearchHook: (no name) - {717BB5F3-D783-44AD-A672-FBE9FF014212} - C:/WINDOWS/system32/Jzwz.dll (file missing)
R3 - URLSearchHook: (no name) - {2280D518-EAFC-4E5F-8137-95459A65E71D} - C:/WINDOWS/system32/Bktql.dll (file missing)
R3 - URLSearchHook: (no name) - {B864F7E0-8EC6-4F40-A5D2-6DF6E7218916} - C:/WINDOWS/system32/Xnskic.dll (file missing)
R3 - URLSearchHook: (no name) - {7A68C18B-5050-49A1-89A2-EC2A4C9AD4D4} - C:/WINDOWS/system32/Aseuxe.dll (file missing)
R3 - URLSearchHook: (no name) - {9D0E044F-4C70-4AE0-99CE-DC3C730C6AD5} - C:/WINDOWS/system32/Tpuwa.dll (file missing)
R3 - URLSearchHook: (no name) - {0314B9FB-5711-49D8-AA91-51DA09E0E725} - C:/WINDOWS/system32/Enkjvz.dll (file missing)
R3 - URLSearchHook: (no name) - {F3E2FC60-FB25-4050-8F98-6DC54343E838} - C:/WINDOWS/system32/Lrfpy.dll (file missing)
R3 - URLSearchHook: (no name) - {4FEE26D2-50EA-452C-AA9C-7FE89EED2014} - C:/WINDOWS/system32/Ebofz.dll (file missing)
R3 - URLSearchHook: (no name) - {777A067D-4011-4AF8-A862-6F90AA846768} - C:/WINDOWS/system32/Dwoaem.dll (file missing)
R3 - URLSearchHook: (no name) - {0FAB0ABE-5538-4F73-9413-A7B004F28CE5} - C:/WINDOWS/system32/Cjxl.dll (file missing)
R3 - URLSearchHook: (no name) - {9AA75677-9EC8-4C93-A03B-AEF4BBA47DEF} - C:/WINDOWS/system32/Pfzd.dll (file missing)
R3 - URLSearchHook: (no name) - {2CE8A22A-F345-4535-BAC4-AD6CA18925E6} - C:/WINDOWS/system32/Joiu.dll (file missing)
R3 - URLSearchHook: (no name) - {BDAE40AF-1B93-40A7-8AA9-941CE8478922} - C:/WINDOWS/system32/Vrlr.dll (file missing)
R3 - URLSearchHook: (no name) - {0C4A6F76-F697-4C59-80F3-910344785973} - C:/WINDOWS/system32/Cfxmvw.dll (file missing)
R3 - URLSearchHook: (no name) - {AFC8634F-F67A-4F88-B950-54DBCE59D322} - C:/WINDOWS/system32/Nmgkm.dll (file missing)
R3 - URLSearchHook: (no name) - {8F1A07AE-48FD-4D67-B9CA-0418A9C093D6} - C:/WINDOWS/system32/Alihs.dll (file missing)
R3 - URLSearchHook: (no name) - {8A953AE5-B4CC-4691-BAA7-078F533B2B55} - C:/WINDOWS/system32/Bbuh.dll (file missing)
R3 - URLSearchHook: (no name) - {5EE40808-B4AD-423B-94E5-D027AE6D6955} - C:/WINDOWS/system32/Yrnam.dll (file missing)
R3 - URLSearchHook: (no name) - {FA1B1592-BE49-4036-8E17-5E004063BD7C} - C:/WINDOWS/system32/Jvvvfb.dll (file missing)
R3 - URLSearchHook: (no name) - {8F25AF6B-6BD7-477A-8E4C-B7BCBC4027E1} - C:/WINDOWS/system32/Nagi.dll (file missing)
R3 - URLSearchHook: (no name) - {0B5E2FA7-CD00-435E-8D5D-CC801A3024F1} - C:/WINDOWS/system32/Rmrb.dll (file missing)
R3 - URLSearchHook: (no name) - {3017565E-3424-4F08-BCD6-954553524E92} - C:/WINDOWS/system32/Zduiq.dll (file missing)
R3 - URLSearchHook: (no name) - {24011B59-F75B-4894-8324-D60F4D4D4AC4} - C:/WINDOWS/system32/Itjfge.dll (file missing)
R3 - URLSearchHook: (no name) - {09418925-370C-4806-A5AC-F35554AA4190} - C:/WINDOWS/system32/Jwqk.dll (file missing)
R3 - URLSearchHook: (no name) - {E354B57E-E92C-4168-912A-92FBA3F06E7A} - C:/WINDOWS/system32/Wxqk.dll (file missing)
R3 - URLSearchHook: (no name) - {7026FA9A-2ACC-41A0-BFA5-F401BDB8A28E} - C:/WINDOWS/system32/Irhibw.dll (file missing)
R3 - URLSearchHook: (no name) - {D318DD44-FB1E-4CBF-85A4-F868AFE5505C} - C:/WINDOWS/system32/Aahk.dll (file missing)
O2 - BHO: internet explorer helper - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - C:/WINDOWS/fonts/msshapi.dll (file missing)
O2 - BHO: (no name) - {0314B9FB-5711-49D8-AA91-51DA09E0E725} - C:/WINDOWS/system32/Enkjvz.dll (file missing)
O2 - BHO: (no name) - {074C1100-60FC-447C-AABA-721645DC8B45} - C:/WINDOWS/system32/Fgrsc.dll (file missing)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:/PROGRA~1/DESKAD~1/deskipn.dll
O2 - BHO: (no name) - {09418925-370C-4806-A5AC-F35554AA4190} - C:/WINDOWS/system32/Jwqk.dll (file missing)
O2 - BHO: (no name) - {0A476BEF-93D7-4042-864A-43A9F6D00825} - C:/WINDOWS/system32/Qksjd.dll (file missing)
O2 - BHO: (no name) - {0B5E2FA7-CD00-435E-8D5D-CC801A3024F1} - C:/WINDOWS/system32/Rmrb.dll (file missing)
O2 - BHO: (no name) - {0C4A6F76-F697-4C59-80F3-910344785973} - C:/WINDOWS/system32/Cfxmvw.dll (file missing)
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:/WINDOWS/system32/wmpdrm.dll (file missing)
O2 - BHO: (no name) - {0F23A638-9C94-4280-AB81-D112B52D8C72} - C:/WINDOWS/system32/Zptw.dll
O2 - BHO: (no name) - {0FAB0ABE-5538-4F73-9413-A7B004F28CE5} - C:/WINDOWS/system32/Cjxl.dll (file missing)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:/Documents and Settings/All Users/Application Data/Microsoft/IEHelper/IEHelper_5001.dll
O2 - BHO: (no name) - {1FA33C54-8DBB-4655-968B-8D76C85012EB} - C:/WINDOWS/system32/Btim.dll (file missing)
O2 - BHO: (no name) - {2280D518-EAFC-4E5F-8137-95459A65E71D} - C:/WINDOWS/system32/Bktql.dll (file missing)
O2 - BHO: (no name) - {24011B59-F75B-4894-8324-D60F4D4D4AC4} - C:/WINDOWS/system32/Itjfge.dll (file missing)
O2 - BHO: WinSearch - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:/WINDOWS/system32/winsearch.dll
O2 - BHO: (no name) - {2CE8A22A-F345-4535-BAC4-AD6CA18925E6} - C:/WINDOWS/system32/Joiu.dll (file missing)
O2 - BHO: (no name) - {3017565E-3424-4F08-BCD6-954553524E92} - C:/WINDOWS/system32/Zduiq.dll (file missing)
O2 - BHO: (no name) - {47A5977B-52FB-46EC-9C79-C5694A1A0499} - C:/WINDOWS/system32/Dhsix.dll (file missing)
O2 - BHO: (no name) - {4FEE26D2-50EA-452C-AA9C-7FE89EED2014} - C:/WINDOWS/system32/Ebofz.dll (file missing)
O2 - BHO: (no name) - {53D94615-275A-4F4B-93C5-600355C452F8} - C:/WINDOWS/system32/Llkd.dll (file missing)
O2 - BHO: (no name) - {57D87E3D-F83A-48C7-9883-9E4AEF4E3C4E} - C:/WINDOWS/system32/Uilnhk.dll (file missing)
O2 - BHO: (no name) - {59172C14-06B4-40C8-9A95-BC71C73BF5AF} - C:/WINDOWS/system32/Ivaeye.dll (file missing)
O2 - BHO: (no name) - {5B83669A-3EF7-4E7D-ACC0-2DE10FAF1D8E} - C:/WINDOWS/system32/Fxai.dll (file missing)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O2 - BHO: (no name) - {5EE40808-B4AD-423B-94E5-D027AE6D6955} - C:/WINDOWS/system32/Yrnam.dll (file missing)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:/PROGRA~1/MMSASS~1/mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:/WINDOWS/System32/stdup.dll
O2 - BHO: (no name) - {7026FA9A-2ACC-41A0-BFA5-F401BDB8A28E} - C:/WINDOWS/system32/Irhibw.dll (file missing)
O2 - BHO: (no name) - {717BB5F3-D783-44AD-A672-FBE9FF014212} - C:/WINDOWS/system32/Jzwz.dll (file missing)
O2 - BHO: (no name) - {777A067D-4011-4AF8-A862-6F90AA846768} - C:/WINDOWS/system32/Dwoaem.dll (file missing)
O2 - BHO: CpapView Class - {77962960-536E-47EC-9DDB-52651519705F} - C:/WINDOWS/system32/rundll32.dll (file missing)
O2 - BHO: (no name) - {7A68C18B-5050-49A1-89A2-EC2A4C9AD4D4} - C:/WINDOWS/system32/Aseuxe.dll (file missing)
O2 - BHO: (no name) - {808B6AF8-F101-4AF7-AC49-98D403B16FBA} - C:/WINDOWS/system32/Uhxwtr.dll (file missing)
O2 - BHO: (no name) - {8446B2EE-C04C-4C5D-9706-2FFB46E89B62} - C:/WINDOWS/system32/Mihu.dll
O2 - BHO: (no name) - {8A953AE5-B4CC-4691-BAA7-078F533B2B55} - C:/WINDOWS/system32/Bbuh.dll (file missing)
O2 - BHO: (no name) - {8F1A07AE-48FD-4D67-B9CA-0418A9C093D6} - C:/WINDOWS/system32/Alihs.dll (file missing)
O2 - BHO: (no name) - {8F25AF6B-6BD7-477A-8E4C-B7BCBC4027E1} - C:/WINDOWS/system32/Nagi.dll (file missing)
O2 - BHO: (no name) - {9AA75677-9EC8-4C93-A03B-AEF4BBA47DEF} - C:/WINDOWS/system32/Pfzd.dll (file missing)
O2 - BHO: (no name) - {9CF077C6-E3CE-435B-B6EF-9ED2308051EA} - C:/WINDOWS/system32/Kmdlim.dll (file missing)
O2 - BHO: (no name) - {9D0E044F-4C70-4AE0-99CE-DC3C730C6AD5} - C:/WINDOWS/system32/Tpuwa.dll (file missing)
O2 - BHO: Yahoo Bar - {A697BC46-BC93-4833-93F5-1E365011E88A} - C:/WINDOWS/ODBINT.dll
O2 - BHO: Java Enhancer - {AF098F95-7CEA-407A-8552-3846737CC4B2} - C:/WINDOWS/system32/funcwin.dll
O2 - BHO: (no name) - {AFC8634F-F67A-4F88-B950-54DBCE59D322} - C:/WINDOWS/system32/Nmgkm.dll (file missing)
O2 - BHO: (no name) - {B864F7E0-8EC6-4F40-A5D2-6DF6E7218916} - C:/WINDOWS/system32/Xnskic.dll (file missing)
O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:/WINDOWS/system32/flash8.dll
O2 - BHO: (no name) - {BDAE40AF-1B93-40A7-8AA9-941CE8478922} - C:/WINDOWS/system32/Vrlr.dll (file missing)
O2 - BHO: (no name) - {BFCD2BAD-DE01-433E-A751-731B77EF84AD} - C:/WINDOWS/system32/Zzwcrh.dll (file missing)
O2 - BHO: Count Class - {CFF6E0CF-02FB-47F5-95A4-DD8610D59284} - C:/WINDOWS/system32/bsnviewer.dll
O2 - BHO: 51导航 - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:/WINDOWS/system32/browsewmzero.dll
O2 - BHO: (no name) - {D318DD44-FB1E-4CBF-85A4-F868AFE5505C} - C:/WINDOWS/system32/Aahk.dll (file missing)
O2 - BHO: (no name) - {DB020387-4489-4B9B-AF88-1AF9357CAA18} - C:/WINDOWS/system32/Paiy.dll
O2 - BHO: (no name) - {E238864E-8FC0-4964-A119-8C219FD3FCA5} - C:/WINDOWS/system32/Qgungz.dll (file missing)
O2 - BHO: (no name) - {E354B57E-E92C-4168-912A-92FBA3F06E7A} - C:/WINDOWS/system32/Wxqk.dll (file missing)
O2 - BHO: (no name) - {E68EF228-54B9-4F82-96F3-55DDBE3855FE} - C:/WINDOWS/system32/Wqonu.dll
O2 - BHO: (no name) - {EB6E4937-8C1D-4422-A928-A955BF4050A5} - C:/WINDOWS/system32/Gmuseq.dll (file missing)
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:/PROGRA~1/COMMON~1/Wnwb/wnwbio.dll
O2 - BHO: (no name) - {F3E2FC60-FB25-4050-8F98-6DC54343E838} - C:/WINDOWS/system32/Lrfpy.dll (file missing)
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:/PROGRA~1/CNNIC/Cdn/wmhlpr.dll
O2 - BHO: (no name) - {FA1B1592-BE49-4036-8E17-5E004063BD7C} - C:/WINDOWS/system32/Jvvvfb.dll (file missing)
O3 - Toolbar: CopySo拷贝搜 - {40987A5C-6AB8-4977-8BE9-A8889DE2EDCC} - C:/Program Files/Copyso/CopysoIE.dll (file missing)
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O4 - HKLM/../Run: [CdnCtr] C:/Program Files/CNNIC/Cdn/cdnup.exe
O4 - HKLM/../Run: [Desktop] C:/WINDOWS/system32/rundll32.exe "C:/Program Files/DeskAdTop/Run.dll" ,Rundll
O4 - HKLM/../Run: [spoolsv] C:/WINDOWS/system32/spoolsv/spoolsv.exe -printer
O8 - Extra context menu item: >>彩信发送<< - res://C:/PROGRA~1/MMSASS~1/mmsass~1.dll/mms.htm
O8 - Extra context menu item: 访问通用网址 - C:/Program Files/CNNIC/Cdn/cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:/PROGRA~1/CNNIC/Cdn/cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:/PROGRA~1/MMSASS~1/mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:/PROGRA~1/MMSASS~1/mmsass~1.dll
O10 - Unknown file in Winsock LSP: c:/windows/system32/cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:/WINDOWS/webwork/webwork.dll
O23 - Service: ebook (ebooK) - Unknown owner - C:/WINDOWS/exe
---------/
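To make triage of a log like this repeatable, here is an added Python example (not from the original post and not part of HijackThis) that parses the line format above and flags the patterns visible in it: registrations whose DLL is already gone, the short random-looking DLL names in system32, a CLSID hooked both as URLSearchHook and as BHO, a system binary name living outside its real folder, and the extensionless C:/WINDOWS/exe. The sample lines are copied from the log above; the heuristics and the spoolsv.exe location table are my own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple
# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {BFCD2BAD-DE01-433E-A751-731B77EF84AD} - C:/WINDOWS/system32/Zzwcrh.dll (file missing)
O2 - BHO: (no name) - {BFCD2BAD-DE01-433E-A751-731B77EF84AD} - C:/WINDOWS/system32/Zzwcrh.dll (file missing)
O2 - BHO: (no name) - {DB020387-4489-4B9B-AF88-1AF9357CAA18} - C:/WINDOWS/system32/Paiy.dll
O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:/WINDOWS/system32/flash8.dll
O4 - HKLM/../Run: [spoolsv] C:/WINDOWS/system32/spoolsv/spoolsv.exe -printer
O23 - Service: ebook (ebooK) - Unknown owner - C:/WINDOWS/exe
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Every Hupigon helper DLL in the log above looks like "Zzwcrh.dll": one capital, 3-5 lowercase letters.
RANDOM_DLL_RE = re.compile(r"/[A-Z][a-z]{3,5}\.dll$")
# Real home of the Windows binary whose name the O4 entry above borrows (Print Spooler); my own table.
SYSTEM_BINARIES = {"spoolsv.exe": "c:/windows/system32/spoolsv.exe"}

def parse_line(line: str) -> Tuple[str, Optional[str], str, bool]:
    """Return (section, clsid, path, file_missing) for one HijackThis line."""
    section, _, rest = line.partition(" - ")
    parts = rest.partition(": ")[2].split(" - ")
    clsid = next((p for p in parts if CLSID_RE.fullmatch(p)), None)
    missing = parts[-1].endswith(" (file missing)")
    path = parts[-1].removesuffix(" (file missing)")
    if path.startswith("["):  # O4 lines read '[value name] path args'
        path = path.split("] ", 1)[1].split(" ", 1)[0]
    return section, clsid, path, missing

def triage(log: str) -> Dict[str, List[str]]:
    """Map each suspicious path to the reasons a responder should look at it first."""
    entries = [parse_line(l) for l in log.splitlines() if " - " in l]
    sections_by_clsid: Dict[str, set] = {}
    for section, clsid, _, _ in entries:
        if clsid:
            sections_by_clsid.setdefault(clsid, set()).add(section)
    findings: Dict[str, List[str]] = {}
    for section, clsid, path, missing in entries:
        base = path.lower().rsplit("/", 1)[-1]
        checks = [
            (missing, "registered but DLL missing"),
            (RANDOM_DLL_RE.search(path), "random-looking DLL name"),
            (clsid and len(sections_by_clsid[clsid]) > 1, "same CLSID hooked in several sections"),
            (base in SYSTEM_BINARIES and path.lower() != SYSTEM_BINARIES[base], "system binary name outside its real location"),
            ("." not in base, "extensionless executable path"),
        ]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            findings.setdefault(path, reasons)  # R3 and O2 share a path; keep the first
    return findings
```

Run `triage(SAMPLE_LOG)` on the full log above (replace SAMPLE_LOG with the file contents) and the genuine Flash 8 BHO drops out while every Hupigon artifact stays on the list.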

Uninstall: Vision, stdup, webwork, winsearch, Chinese Internet Keyword (中文上网, CNNIC Cdn), Desktop Media (DeskAdTop)

Stop and disable the service: ebook (ebooK)

Locate the file C:/WINDOWS/exe with WinRAR; surprisingly, it cannot be added to an archive. Ugh!

Download IceSword from http://endurer.ys168.com and copy C:/WINDOWS/exe to the desktop; the copy can now be archived as a backup.
But even IceSword cannot delete C:/WINDOWS/exe. Ugh!

Download the "delete file at next startup" utility (Auto_Del) from http://endurer.ys168.com and run it. Drag C:/WINDOWS/exe from the WinRAR window into the Auto_Del window; it reports "file does not exist or is a folder". Click OK to add C:/WINDOWS/exe to the pending-deletion list, then click the "delete at next startup" button. Rising warns that Auto_Del.exe wants to modify the registry; allow it and confirm.

Close all folder windows, then scan again with HijackThis and fix the items listed above.

Empty the IE temporary files folder.

Kaspersky identifies C:/WINDOWS/exe as Backdoor.Win32.Hupigon.cda.
