BackDoor.SdBot.aje

病毒名称:

BackDoor.SdBot.aje

类别： 后门病毒

病毒资料：

破坏方法：

后门程序

此病毒启动后在后台隐藏运行，此病毒会在后台启动多个线程，并且会监听网络端口，此病毒还会盗取下列游戏的

CDKEY：

Command & Conquer Generals，

FIFA 2003，

Need For Speed Hot Pursuit 2，

Soldier of Fortune II - Double Helix，

Rainbow Six III RavenShield，

Battlefield 1942 Road To Rome，

Battlefield 1942，

IGI 2 Retail，

Unreal Tournament 2003，

Half-Life

此病毒可以通过聊天软件IRC被控制控制，此病毒还会在局域网内通过猜解密码的方式向其他计算机感染，所猜解的密码如下：

"Administrator"

"administrator"

"fubar""bla"

"GUEST"

"ROOT"

"root"

"ADMIN"

"PASSWord"

"TEMP"

"SHARE"

"WRITE"

"FULL"

"ladeda"

"BOTH"

"READ"

"FILES"

"DEMO"

"OWNER"

"Owner"

"edu"

"TEST"

"Access"

"USER"

"BACKUP"

"SYSTEM"

"SERVER"

"pepsi"

"LOCAL"

"unix"

"Linux"

"changeme"

"Changeme"

"temp123"

"1"

"12"

"123"

"1234"

"12345"

"123456"

"1234567"

"12345678"

"123456789"

"654321"

"54321"

"111"

"11111111"

"88888888"

"pass"

"passwd"

"database"

"abcd"

"abc123"

"Oracle"

"sybase"

"123qwe"

"computer"

"Internet"

"super"

"123asd"

"ihavenopass"

"godblessyou"

"enable"

"XP"

"2002"

"2003"

"2600"

"110"

"111111"

"121212"

"123123"

"1234qwer"

"123abc"

"007"

"alpha"

"patrick"

"pat"

"sex"

"god"

"Foobar"

"Nilez"

"devil"

"netdevil"

"net-devil"

"0wned"

"owned"

"irule"

"netfUCk"

"fucked"

"crash"

"a"

"aaa"

"abc"

"test123"

"win"

"pc"

"asdf"

"secret"

"qwer"

"yxcv"

"zxcv"

"home"

"login"

"pwd"

"love"

"mypc"

"mypc123"

"admin123"

"pw123"

"mypass"

"mypass123"

"pw"

"Mat"

"Matt"

"Matthew"

"gobo"

"satan"

"satanik"

"satanic"

"spaceman"

"heaven"

"w00t"

"0wn3d"

"killer"

"leet"

"l33t"

"l337"

"hacker"

"hax0r"

"script"

"scriptkiddie"

"kiddie"

"mirc"

"uwontguessme"

; "youwontguessme"

"guessme"

"x"

"xx"

"xxx"

"xxxx"

"xxxxx"

"xxxxxx"

"xxxxxxx"

"xxxxxxxx"

"xxxxxxxxx"

"0"

"00"

"death"

"testing"

"000"

"0000"

"00000"

"000000"

"academia"

"academic"

"accept"

"account"

"action"

"adam"

"adrian"

"adrianna"

"adult"

"aerobics"

"aids"

"airplane"

"alaska"

"albany"

"albatros"

"albert"

"alert"

"alex"

"Alexande"

"algebra"

"alias"

"aliases"

"alice"

"alicia"

"alisa"

"alison"

"allison"

"allow"

"alphabet"

"amadeus"

"amanda"

"amber"

"america"

"amorphou"

"anal"

"analog"

"anarchis"

"anarchy"

"anchor"

"andrea"

"android"

"andromac"

"andy"

"anfo".....................

因此如果计算机中存在这些密码的话就会被此病毒感染。

1.修改注册表:

1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\Currentversion\Run

"System Information Manager" : NTSYS.EXE

2

HKEY_CURRENT_USER\Software\Microsoft\Windows

\Currentversion\Run

"System Information Manager" : NTSYS.EXE

3

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

\Currentversion\RunServices

"System Information Manager" : NTSYS.EXE

病毒的清除法：

使用光华反病毒软件，彻底删除。

病毒演示：

病毒FAQ：

Windows下的PE病毒。

发现日期：

2003-11-26

• ·Backdoor.SdBot.agc
• ·Backdoor.Rbot.xp
• ·Backdoor.Rbot.xv
• ·Backdoor.Rbot.xm
• ·BackDoor.RBot.xf
• ·Backdoor.Rbot.yu
• ·Backdoor.Vb.neeao
• ·Backdoor.Rbot.xs
• ·Backdoor.Rbot.ze
• ·Backdoor.Death.27.c