打开PPLive弹出的毒站

显示全部楼层 · 发表于 2007-12-15 06:00:48

打开PPLive弹出的毒站

ht tp://ad.hwdop.cn/shop1.htm

VirSCAN.org Scanned Report :
Scanned time : 2007/12/15 05:50:44 (CST)
Scanner results: 3%的杀软(1/36)报告发现病毒
File Name    : 0614llb.rar
File Size    : 1663 byte
File Type    : RAR archive data, v1d, os
MD5          : b4e3c8f44ee0dc70770c22f8591d03c3
SHA1          : 6ccb8637a730a1555bfeecc7979298fe61deee0c
Online report  : ht tp://virscan.org/report/33b0bb4d519226a14689d2b7a4b18f89.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.0.0.126    2007.12.13       2007-12-13  3.10 -
安博士V3    2007.12.15.00 2007.12.15       2007-12-15  1.06 -
AntiVir       7.6.0.45       7.0.1.98       2007-12-14  3.30 -
Arcavir       1.0.4          200712141244    2007-12-14  1.33 -
AVAST       1.0.8          071214-0       2007-12-14  3.04 -
AVG          7.5.49.442    269.17.1/1183    2007-12-13  2.23 -
BitDefender 7.60825.960157  7.16291          2007-12-15  3.50 -
CA (VET)    9.0.0.143    31.3.5375       2007-12-14  1.00 -
ClamAV       0.91.2       5122             2007-12-15  0.01 -
Comodo       2.11          2.0.0.373       2007-12-14  0.82 -
CP Secure    1.1.0.655    2007.12.14       2007-12-14  5.85 -
Dr.WEB       4.44.0.9170    2007.12.14       2007-12-14  4.67 -
ewido       4.0.0.2       2007.12.14       2007-12-14  1.95 -
F-PROT       4.4.1.52       20071214       2007-12-14  1.45 -
F-SECURE    5.51.6100    2007.12.14.07    2007-12-14  0.04 -
飞塔          2.81-3.11    8.449          2007-12-03  0.26 -
ViRobot       20071214       2007.12.14       2007-12-14  0.65 -
IKARUS       T3.1.01.15    2007.12.14.69992  2007-12-14  1.24 -
江民杀毒    10.00.650    2007.12.13       2007-12-13  1.31 -
卡巴斯基    5.5.10       2007.12.14       2007-12-14  7.11 -
金山毒霸    2007.6.20.249 2007.12.14       2007-12-14  0.72 -
迈克菲       5.2.00       5186             2007-12-14  2.96 -
MKS_VIR       2.01          2007.12.14       2007-12-14  4.86 -
NOD32       2.70.10       2724             2007-12-14  0.05 -
NORMAN       5.91.08       5.90             2007-12-13  5.18 -
熊猫卫士    9.04.03.0001 2007.12.13       2007-12-13  2.87 -
趋势          8.500-1001    4.890.06       2007-12-14  0.04 -
Prevx       V2             20071215       2007-12-15  2.24 -
QuickHeal    9.00          2007.12.14       2007-12-14  2.36 -
瑞星          19.0          20.22.41.00    2007-12-14  0.86 -
SOPHOS       2.49.1       4.21             2007-12-15  6.71 Mal/WinDocWr-A
赛门铁克    1.3.0.24       20071214.002    2007-12-14  0.95 -
nProtect    2007-12-14.00 1089255          2007-12-14  10.00  -
The Hacker    6.2.9          v00159          2007-12-13  0.64 -
VBA32       3.12.2.5       20071213.1714    2007-12-13  0.88 -
VirusBuster 4.3.19:9       9.117.1/11.0    2007-12-14  1.05 -

VirSCAN.org Scanned Report :
Scanned time : 2007/12/15 05:53:24 (CST)
Scanner results: 6%的杀软(2/36)报告发现病毒
File Name    : llb.rar
File Size    : 797 byte
File Type    : RAR archive data, v1d, os
MD5          : 9b13245624566aef5b72808fc7ae9019
SHA1          : 1c762e88e16ad42805c61a0ca617afd9361c70e0
Online report  : ht tp://virscan.org/report/dc3624f03b0c3ff078e52aa8bda6ad93.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    3.0.0.126    2007.12.13       2007-12-13  6.08 -
安博士V3    2007.12.15.00 2007.12.15       2007-12-15  1.14 -
AntiVir       7.6.0.45       7.0.1.98       2007-12-14  3.17 HEUR/Exploit.HTML
Arcavir       1.0.4          200712141244    2007-12-14  1.57 -
AVAST       1.0.8          071214-0       2007-12-14  3.05 -
AVG          7.5.49.442    269.17.1/1183    2007-12-13  2.17 -
BitDefender 7.60825.960157  7.16291          2007-12-15  5.61 -
CA (VET)    9.0.0.143    31.3.5375       2007-12-14  0.69 -
ClamAV       0.91.2       5122             2007-12-15  0.01 Exploit.Iframe-1
Comodo       2.11          2.0.0.373       2007-12-14  1.11 -
CP Secure    1.1.0.655    2007.12.14       2007-12-14  5.17 -
Dr.WEB       4.44.0.9170    2007.12.14       2007-12-14  3.36 -
ewido       4.0.0.2       2007.12.14       2007-12-14  2.03 -
F-PROT       4.4.1.52       20071214       2007-12-14  1.29 -
F-SECURE    5.51.6100    2007.12.14.07    2007-12-14  2.87 -
飞塔          2.81-3.11    8.449          2007-12-03  0.26 -
ViRobot       20071214       2007.12.14       2007-12-14  0.37 -
IKARUS       T3.1.01.15    2007.12.14.69992  2007-12-14  1.20 -
江民杀毒    10.00.650    2007.12.13       2007-12-13  1.10 -
卡巴斯基    5.5.10       2007.12.14       2007-12-14  4.74 -
金山毒霸    2007.6.20.249 2007.12.14       2007-12-14  0.66 -
迈克菲       5.2.00       5186             2007-12-14  1.08 -
MKS_VIR       2.01          2007.12.14       2007-12-14  2.33 -
NOD32       2.70.10       2724             2007-12-14  0.00 -
NORMAN       5.91.08       5.90             2007-12-13  3.92 -
熊猫卫士    9.04.03.0001 2007.12.13       2007-12-13  2.58 -
趋势          8.500-1001    4.890.06       2007-12-14  0.04 -
Prevx       V2             20071215       2007-12-15  2.24 -
QuickHeal    9.00          2007.12.14       2007-12-14  2.10 -
瑞星          19.0          20.22.41.00    2007-12-14  0.75 -
SOPHOS       2.49.1       4.21             2007-12-15  6.46 -
赛门铁克    1.3.0.24       20071214.002    2007-12-14  0.27 -
nProtect    2007-12-14.00 1089255          2007-12-14  8.15 -
The Hacker    6.2.9          v00159          2007-12-13  0.64 -
VBA32       3.12.2.5       20071213.1714    2007-12-13  0.87 -
VirusBuster 4.3.19:9       9.117.1/11.0    2007-12-14  1.03 -

PS：快上报，现在挂马的太厉害了，充分利用弹出广告网站来挂马。

显示全部楼层 · 发表于 2007-12-15 06:28:35

Thank you for your submission. Below you can see the current status of the uploaded files.

--------------------------------------------------------------------------------

We received the following archive files:

File ID  Filename  Size (Byte) Result
3600080  0614llb.rar 1.62 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
3600081  0614llb[1].htm  2.47 KB  UNDER ANALYSIS

Please find a detailed report concerning each individual sample below:

Filename Result
0614llb[1].htm  UNDER ANALYSIS

The file '0614llb[1].htm' has been determined to be 'UNDER ANALYSIS'.

--------------------------------------------------------------------------------
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
Print this page

显示全部楼层 · 发表于 2007-12-15 09:38:22

不管了，只要红伞报了就好。

显示全部楼层 · 发表于 2007-12-15 09:48:56

h**p://m.w2op.cn/muma.exe

显示全部楼层 · 发表于 2007-12-15 09:56:28

。。。。。。

显示全部楼层 · 发表于 2007-12-15 09:58:36

原帖由 fireworld 于 2007-12-15 09:48 发表 <a href="http://bbs.kafan.cn/redirect.php?goto=findpost&pid=2277405&ptid=171302" target="_blank"><img src="http://bbs.kafan.cn/images/common/back.gif" border="0" alt="" /></a> 
h**p://m.w2op.cn/muma.exe

Start of the scan: 2007年12月14日 17:58

Starting the file scan:

Begin scan in 'C:\Users\Xing\Desktop\Downloads\muma.rar'
C:\Users\Xing\Desktop\Downloads\muma.rar
 [0] Archive type: RAR
 --> muma.exe
 [DETECTION] Contains suspicious code HEUR/Crypted
 [WARNING] The file was ignored!

[ 本帖最后由绅博周幸于 2007-12-15 10:01 编辑 ]

显示全部楼层 · 发表于 2007-12-15 09:59:06

[quote]原帖由 绅博周幸 于 2007-12-15 09:58 发表 <a href="http://bbs.kafan.cn/redirect.php?goto=findpost&pid=2277472&ptid=171302" target="_blank"><img src="http://bbs.kafan.cn/images/common/back.gif" border="0" alt="" /></a> 

 
Start of the scan: 2007年12月14日 17:58 
 
Starting the file scan: 
 
Begin scan in 'C:\Users\Xing\Desktop\Downloads\muma.rar' 
C:\Users\Xing\Desktop\Downloads\muma.rar 
[0] Archive type: RAR 
sent to avira

[ 本帖最后由绅博周幸于 2007-12-15 10:00 编辑 ]

显示全部楼层 · 发表于 2007-12-15 10:01:09

A-Squared  Found nothing
AntiVir  Found HEUR/Crypted
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found GenPack:Generic.Malware.dld!!.4F86C321
ClamAV  Found PUA.Packed.Cryptocrack
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Ikarus  Found MemScanBackdoor.Hupigon.YWT
Kaspersky Anti-Virus  Found nothing
NOD32  Found Win32/TrojanDownloader.VB.NNP
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

显示全部楼层 · 发表于 2007-12-15 14:04:12

Hello,

0614llb[1].htmk - Trojan-Downloader.JS.Agent.amn,
llb[1].htmk - Exploit.HTML.Iframe.FileDownload.ah

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Vladimir Krylov
Virus analyst, Kaspersky Lab.

显示全部楼层 · 发表于 2007-12-15 15:23:50

微点砍掉

[已鉴定] 打开PPLive弹出的毒站

时间：2007年12月15日(星期六) 上午07:45 回邮时间

[已鉴定] 打开PPLive弹出的毒站

时 间：2007年12月15日(星期六) 上午07:45 回邮时间

时间：2007年12月15日(星期六) 上午07:45 回邮时间