费尔又拦下三只...快上报，安全第一！

显示全部楼层 · 发表于 2008-2-9 07:44:55

费尔又拦下三只...快上报，安全第一！

C:\Documents and Settings\小飞侠.net\桌面\新建文件夹 (2)\002.rar>>xl[1].gif JS.Decoder.n 病毒还未处理
C:\Documents and Settings\小飞侠.net\桌面\新建文件夹 (2)\003.rar>>xlCAEKL3QT.gif JS.Decoder.n 病毒还未处理
C:\Documents and Settings\小飞侠.net\桌面\新建文件夹 (2)\001.rar>>addr[1].js JS.Decoder.v 病毒还未处理

文件 001.rar 接收于 2008.02.09 00:21:33 (CET)
结果: 2/32 (6.25%)

反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.08 -
Authentium 4.93.8 2008.02.08 -
Avast 4.7.1098.0 2008.02.08 -
AVG 7.5.0.516 2008.02.08 Exploit
BitDefender 7.2 2008.02.08 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.08 -
DrWeb 4.44.0.09170 2008.02.08 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.08 -
FileAdvisor 1 2008.02.09 -
Fortinet 3.14.0.0 2008.02.08 -
F-Prot 4.4.2.54 2008.02.08 -
F-Secure 6.70.13260.0 2008.02.08 -
Ikarus T3.1.1.20 2008.02.08 Trojan-Downloader.JS.Agent.ha
Kaspersky 7.0.0.125 2008.02.09 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.09 -
NOD32v2 2860 2008.02.08 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.08 -
Prevx1 V2 2008.02.09 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.08 -
Sunbelt 2.2.907.0 2008.02.08 -
Symantec 10 2008.02.08 -
TheHacker 6.2.9.213 2008.02.09 -
VBA32 3.12.6.0 2008.02.07 -
VirusBuster 4.3.26:9 2008.02.08 -
Webwasher-Gateway 6.6.2 2008.02.08 -
附加信息
File size: 2155 bytes
MD5: 2905b63f95fa27d74f1fcba2847e3255
SHA1: ab69c233da7bc0610e498d7cfcc9df1811a9be60
PEiD: -
packers: JSPack

文件 002.rar 接收于 2008.02.09 00:27:37 (CET)
结果: 0/32 (0%)---全过哦！快上爆，安全第一！

反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.08 -
Authentium 4.93.8 2008.02.08 -
Avast 4.7.1098.0 2008.02.08 -
AVG 7.5.0.516 2008.02.08 -
BitDefender 7.2 2008.02.08 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.09 -
DrWeb 4.44.0.09170 2008.02.08 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.08 -
FileAdvisor 1 2008.02.09 -
Fortinet 3.14.0.0 2008.02.08 -
F-Prot 4.4.2.54 2008.02.08 -
F-Secure 6.70.13260.0 2008.02.08 -
Ikarus T3.1.1.20 2008.02.08 -
Kaspersky 7.0.0.125 2008.02.09 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.09 -
NOD32v2 2860 2008.02.08 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.08 -
Prevx1 V2 2008.02.09 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.08 -
Sunbelt 2.2.907.0 2008.02.08 -
Symantec 10 2008.02.08 -
TheHacker 6.2.9.213 2008.02.09 -
VBA32 3.12.6.0 2008.02.09 -
VirusBuster 4.3.26:9 2008.02.08 -
Webwasher-Gateway 6.6.2 2008.02.08 -
附加信息
File size: 3418 bytes
MD5: a027df5332f19200f5b011f44ebfc984
SHA1: 0ca4e70e43f374ea467d8f1b4763f443a56ac665
PEiD: -

文件 003.rar 接收于 2008.02.09 00:35:41 (CET)
结果: 0/32 (0%)--又全过，快上报！

反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.08 -
Authentium 4.93.8 2008.02.08 -
Avast 4.7.1098.0 2008.02.08 -
AVG 7.5.0.516 2008.02.08 -
BitDefender 7.2 2008.02.08 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.09 -
DrWeb 4.44.0.09170 2008.02.08 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.08 -
FileAdvisor 1 2008.02.09 -
Fortinet 3.14.0.0 2008.02.08 -
F-Prot 4.4.2.54 2008.02.08 -
F-Secure 6.70.13260.0 2008.02.08 -
Ikarus T3.1.1.20 2008.02.08 -
Kaspersky 7.0.0.125 2008.02.09 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.09 -
NOD32v2 2860 2008.02.08 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.08 -
Prevx1 V2 2008.02.09 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.08 -
Sunbelt 2.2.907.0 2008.02.08 -
Symantec 10 2008.02.08 -
TheHacker 6.2.9.213 2008.02.09 -
VBA32 3.12.6.0 2008.02.09 -
VirusBuster 4.3.26:9 2008.02.08 -
Webwasher-Gateway 6.6.2 2008.02.08 -
附加信息
File size: 3423 bytes
MD5: a7c196dc9b3cccc653a375f77b0c33a8
SHA1: 0f074b5b5de7eac09aa25bb556e03cc9c23a50da
PEiD: -

显示全部楼层 · 发表于 2008-2-9 09:45:55

写的代码都没有定义

显示全部楼层 · 发表于 2008-2-9 10:46:08

第一个
Log is generated by FreShow.
[unknown]
[frame]http://w18.vg/xl.gif
[frame]http://w18.vg/real.gif
[frame]http://w18.vg/bf.gif
[frame]http://w18.vg/lz.gif
[frame]http://w18.vg/ms.gif
[frame]http://w18.vg/baidu.gif

第二个和第三个是一个东西..

lJ77=5364;if(document.all){function _dm(){return false};function _mdm(){document.oncontextmenu=_dm;setTimeout("_mdm()",800)};_mdm();}document.oncontextmenu=new Function("return false");function _ndm(e){if(document.layers||window.sidebar){if(e.which!=1)return false;}};if(document.layers){document.captureEvents(Event.MOUSEDOWN);document.onmousedown=_ndm;}else{document.onmouseup=_ndm;};uQ28=9939;jO93=3940;function _dws(){window.status = " ";setTimeout("_dws()",100);};_dws();qE7=3367;wH81=3937;function _dds(){if(document.all){document.onselectstart=function (){return false};setTimeout("_dds()",700)}};_dds();vU40=5080;bC11=1939;function _nr(){return true}onerror=_nr;aP70=3082;mV17=4222;mB14=511;yH61=1651;hO12=6225;dX94=3364;eC91=9654;;_licensed_to_="huyufeng";

复制代码

不报是对的...

显示全部楼层 · 发表于 2008-2-9 12:20:17

Hello,

addr[1].js_, xl[1].gif_, xlCAEKL3QT.gif_

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab

显示全部楼层 · 发表于 2008-2-9 19:45:18

还是mm吧！呵呵。

显示全部楼层 · 发表于 2008-2-11 17:52:56

The file 'addr[1].js' has been determined to be 'MALWARE'. Our analysts named the threat JS.Dldr.Agent.1746. Detection will be added to our virus definition file (VDF) with one of the next updates.

The file 'xl[1].gif' has been determined to be 'MALWARE'. Our analysts named the threat JS.Dldr.Xunlei. Detection will be added to our virus definition file (VDF) with one of the next updates.

The file 'xlCAEKL3QT.gif' has been determined to be 'MALWARE'. Our analysts named the threat JS.Dldr.Xunlei. Detection will be added to our virus definition file (VDF) with one of the next updates.

[病毒样本] 费尔又拦下三只...快上报，安全第一！

本帖子中包含更多资源

卡车说不是病毒！