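Virus name:
BackDoor.SdBot.aje
Category: Backdoor virus
Virus details:
Damage method:
Backdoor program
Once started, this virus runs hidden in the background, launches multiple threads, and listens on a network port. It also steals the CD keys of the following games: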
Command & Conquer Generals,
FIFA 2003,
Need For Speed Hot Pursuit 2,
Soldier of Fortune II - Double Helix,
Rainbow Six III RavenShield,
Battlefield 1942 Road To Rome,
Battlefield 1942,
IGI 2 Retail,
Unreal Tournament 2003,
Half-Life
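This virus can be controlled over the IRC chat protocol. It also spreads to other computers on the local network by guessing passwords from its own password list.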
Any computer that uses one of the passwords on that list will therefore be infected by this virus.
1. Registry modifications:
1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
"System Information Manager" : NTSYS.EXE
2
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
"System Information Manager" : NTSYS.EXE
3
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\RunServices
"System Information Manager" : NTSYS.EXE
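The autorun entries listed above can be checked for in a registry export. The following is an added example, not part of the original entry: it assumes a text `.reg` export already decoded to a string, and the function name and the sample data are constructed for illustration.

```python
import re

# Indicators from the registry section above (registry paths are case-insensitive).
AUTORUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
VALUE_NAME = "system information manager"
FILE_NAME = "ntsys.exe"
# A string value line in a .reg export: "name"="data", with \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def find_sdbot_autoruns(reg_text):
    """Return (key, value name, data) for autorun entries matching the indicators."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: remember the current key
            continue
        match = VALUE_RE.match(line)
        if match is None or key is None or key.lower() not in AUTORUN_KEYS:
            continue
        name, data = unescape(match.group(1)), unescape(match.group(2))
        # Compare only the file name so a full path to NTSYS.EXE still matches.
        exe = data.rsplit("\\", 1)[-1].strip().lower()
        if name.lower() == VALUE_NAME or exe == FILE_NAME:
            hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"System Information Manager"="NTSYS.EXE"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"system information manager"="C:\\WINDOWS\\system32\\ntsys.exe"
[HKEY_LOCAL_MACHINE\Software\Example]
"System Information Manager"="NTSYS.EXE"
'''

if __name__ == "__main__":
    for key, name, data in find_sdbot_autoruns(SAMPLE_REG):
        print(f"SUSPICIOUS {key} -> {name!r} = {data!r}")
```

An entry is flagged when either the value name or the file name matches, so a renamed value that still launches NTSYS.EXE is reported as well.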
Removal:
Use Guanghua Anti-Virus (光华反病毒软件) to delete it completely.
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Date discovered:
2003-11-26