硅谷动力被挂的马，好几个！

显示全部楼层 · 发表于 2007-10-13 23:20:17

http://218.75.91.248/window.exe

显示全部楼层 · 发表于 2007-10-13 23:30:27

红伞报。
Virus or unwanted program 'Worm/Downloader.B.1 [WORM/Downloader.B.1]'
detected in file 'C:\Users\lenovo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\57M8UU1Q\window[1].exe.
Action performed: Deny access

显示全部楼层 · 发表于 2007-10-13 23:54:53

恩恩~是被挂了
NOD32直接拦……
毒霸当接力~把没拦到的那个也杀了

显示全部楼层 · 发表于 2007-10-14 01:30:00

原帖由 capsshift 于 2007-10-13 23:11 发表
看来还是红伞报的多一些，一共9个。
index.htm
forum-94-1.htm
xs.htm
new09.htm
nick.js
ww6.htm
ww4.htm
614.js
bb.js
楼主，在脚本的拦截上，小红伞真的要强很多哦。

卡巴不停的报，最后我直接结束了浏览器进程，所以后面几个没发现

显示全部楼层 · 发表于 2007-10-14 02:52:10

Result: 5 malware found
Trojan-Downloader.JS.Psyme.pv (virus)
C:\Users\Administrator\Desktop\virus.rar\nick.js
Trojan-Downloader.VBS.Psyme.jg (virus)
C:\Users\Administrator\Desktop\virus.rar\ww4.htm
Trojan-Downloader.VBS.Agent.ex (virus)
C:\Users\Administrator\Desktop\virus.rar\ww6.htm
Trojan-Downloader.JS.Agent.wr (virus)
C:\Users\Administrator\Desktop\virus.rar\webxl.js
Trojan-Downloader.VBS.Psyme.jh (virus)
C:\Users\Administrator\Desktop\virus.rar\614.js
貌似比较老了

显示全部楼层 · 发表于 2007-10-14 03:21:32

Uhthn Anti-Spyware V3 Alpha
Version - 3.0.0
Standard Database - 521
Paranoia Database - 10427
Heuristics Analysis - Excessive
Scan in - C:\Documents and Settings\uhthn\Desktop\New Folder (2)

C:\Documents and Settings\uhthn\Desktop\New Folder (2)\nick.js - Infected Trojan-Downloader.js.psyme.1
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ww4.htm - Infected Virus.Script/Exploit.6239
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\ww6.htm - Infected Virus.Script/Exploit.548
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\webxl.js - Infected Virus.Script/Exploit.1685
C:\Documents and Settings\uhthn\Desktop\New Folder (2)\614.js - Infected Virus.Script/Exploit.3703

5 Files scanned
5 Infected files found
0 Suspected files found
0 Files cured
5 Files deleted

显示全部楼层 · 发表于 2007-10-14 08:09:19

我刚刚还在上面看教程呢

显示全部楼层 · 发表于 2007-10-14 08:56:07

Start of the scan: Sunday, 14 October, 2007  08:55

Starting the file scan:

Begin scan in 'C:\Documents and Settings\tim\桌面\virus.rar'
C:\Documents and Settings\tim\桌面\virus.rar
  [0] Archive type: RAR
  --> nick.js
   [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Psyme.NS
  --> ww4.htm
   [DETECTION] Contains detection pattern of the VBS script virus VBS/Dldr.ADODB.A
  --> ww6.htm
   [DETECTION] Contains detection pattern of the VBS script virus VBS/Dldr.Psyme.HJ
  --> 614.js
   [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Psyme.NQ
   [INFO]    A backup was created as '4783695d.qua'  ( QUARANTINE )
   [INFO]    The file was deleted!

End of the scan: Sunday, 14 October, 2007  08:55
Used time: 00:02 min

The scan has been done completely.

   0 Scanning directories
   6 Files were scanned
   4 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   1 files were deleted
   0 files were repaired
   1 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   2 Files not concerned
   1 Archives were scanned
   0 Warnings
   0 Notes

[已鉴定] 硅谷动力被挂的马，好几个！