BackDoor.SdBot.aje_病毒数据库

病毒名称: BackDoor.SdBot.aje 类别：后门病毒病毒资料：      破坏方法：

    后门程序

    此病毒启动后在后台隐藏运行，此病毒会在后台启动多个线程，并且会监听网络端口，此病毒还会盗取下列游戏的
    CDKEY：

    Command & Conquer Generals，
    FIFA 2003，
    Need For Speed Hot Pursuit 2，
    Soldier of Fortune II - Double Helix，
    Rainbow Six III RavenShield，
    Battlefield 1942 Road To Rome，
    Battlefield 1942，
    IGI 2 Retail，
    Unreal Tournament 2003，
    Half-Life

    此病毒可以通过聊天软件IRC被控制控制，此病毒还会在局域网内通过猜解密码的方式向其他计算机感染，所猜解的密码如下：

    "Administrator"
    "administrator"
    "fubar""bla"
    "GUEST"
    "ROOT"
    "root"
    "ADMIN"
    "PASSWord"
    "TEMP"
    "SHARE"
    "WRITE"
    "FULL"
    "ladeda"
    "BOTH"
    "READ"
    "FILES"
    "DEMO"
    "OWNER"
    "Owner"
    "edu"
    "TEST"
    "Access"
    "USER"
    "BACKUP"
    "SYSTEM"
    "SERVER"
    "pepsi"
    "LOCAL"
    "unix"
    "Linux"

    "changeme"
    "Changeme"
    "temp123"
    "1"
    "12"
    "123"
    "1234"
    "12345"
    "123456"
    "1234567"
    "12345678"
    "123456789"
    "654321"
    "54321"
    "111"
    "11111111"
    "88888888"
    "pass"
    "passwd"
    "database"
    "abcd"
    "abc123"
    "Oracle"
    "sybase"
    "123qwe"
    "computer"
    "Internet"
    "super"
    "123asd"
    "ihavenopass"
    "godblessyou"
    "enable"
    "XP"
    "2002"
    "2003"
    "2600"
    "110"
    "111111"
    "121212"
    "123123"
    "1234qwer"
    "123abc"
    "007"
    "alpha"
    "patrick"
    "pat"
    "sex"
    "god"
    "Foobar"
    "Nilez"
    "devil"
    "netdevil"
    "net-devil"
    "0wned"
    "owned"
    "irule"
    "netfUCk"
    "fucked"
    "crash"
    "a"
    "aaa"
    "abc"
    "test123"
    "win"
    "pc"
    "asdf"
    "secret"
    "qwer"
    "yxcv"
    "zxcv"
    "home"

    "login"
    "pwd"
    "love"
    "mypc"
    "mypc123"
    "admin123"
    "pw123"
    "mypass"
    "mypass123"
    "pw"
    "Mat"
    "Matt"
    "Matthew"
    "gobo"
    "satan"
    "satanik"
    "satanic"
    "spaceman"
    "heaven"
    "w00t"
    "0wn3d"
    "killer"
    "leet"
    "l33t"
    "l337"
    "hacker"
    "hax0r"
    "script"
    "scriptkiddie"
    "kiddie"
    "mirc"
    "uwontguessme"
    ; "youwontguessme"
    "guessme"
    "x"
    "xx"
    "xxx"
    "xxxx"
    "xxxxx"
    "xxxxxx"
    "xxxxxxx"
    "xxxxxxxx"
    "xxxxxxxxx"
    "0"
    "00"
    "death"
    "testing"
    "000"
    "0000"
    "00000"
    "000000"
    "academia"
    "academic"
    "accept"
    "account"
    "action"
    "adam"
    "adrian"
    "adrianna"
    "adult"
    "aerobics"
    "aids"
    "airplane"
    "alaska"
    "albany"
    "albatros"
    "albert"
    "alert"
    "alex"
    "Alexande"
    "algebra"
    "alias"
    "aliases"
    "alice"
    "alicia"
    "alisa"
    "alison"
    "allison"

    "allow"
    "alphabet"
    "amadeus"
    "amanda"
    "amber"
    "america"
    "amorphou"
    "anal"
    "analog"
    "anarchis"
    "anarchy"
    "anchor"
    "andrea"
    "android"
    "andromac"
    "andy"
    "anfo".....................
    因此如果计算机中存在这些密码的话就会被此病毒感染。

    1.修改注册表:

    1
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    \Currentversion\Run
    "System Information Manager" : NTSYS.EXE

    2
    HKEY_CURRENT_USER\Software\Microsoft\Windows
    \Currentversion\Run
    "System Information Manager" : NTSYS.EXE

    3
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
    \Currentversion\RunServices
    "System Information Manager" : NTSYS.EXE
病毒的清除法：使用光华反病毒软件，彻底删除。病毒演示：病毒FAQ：      Windows下的PE病毒。
发现日期： 2003-11-26