又是费尔拦下的滴，差点吃光我的内存...

小飞侠.net

又是费尔拦下的滴，差点吃光我的内存...

因为中之后不停弹出窗口，还是在傲游2...只好强行结束傲游乐～～

2008-02-11 06:09:33    修改文件      操作:阻止
进程路径:C:\Program Files\Maxthon2\Maxthon.exe
文件路径:C:\WINDOWS\system32\drivers\tcpip.sys
触发规则:所有程序规则->系统文件->%WinDir%\system32\drivers\*.sys

......试图写入SYS文件到%WinDir%\system32\drivers\～还好被EQ拦截了！像这种入侵傲游的安全浏览似乎不起作用？


2008-02-11 06:10:13    修改文件      操作:阻止
进程路径:C:\Program Files\Maxthon2\Maxthon.exe
文件路径:C:\WINDOWS\system32\drivers\tcpip.sys
触发规则:所有程序规则->系统文件->%WinDir%\system32\drivers\*.sys



C:\Documents and Settings\小飞侠.net\桌面\111222\htm[1].htm        JS.WindowObject.Exploit.a        可疑程序        还未处理
C:\Documents and Settings\小飞侠.net\桌面\111222\Bfyy[1].gif        JS.Decoder.t        病毒        还未处理
C:\Documents and Settings\小飞侠.net\桌面\111222\Pps[1].gif        JS.Decoder.t        病毒        还未处理
C:\Documents and Settings\小飞侠.net\桌面\111222\htm[2].htm        JS.WindowObject.Exploit.a        可疑程序        还未处理

文件 Bfyy.rar 接收于 2008.02.10 23:26:23 (CET)
ht tp://www.virustotal.com/zh-cn/analisis/4043a31429c8d0804a7a82757cb5ab3a
结果: 6/32 (18.75%)

反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.10 HTML/Shellcode.Gen
Authentium 4.93.8 2008.02.10 -
Avast 4.7.1098.0 2008.02.10 -
AVG 7.5.0.516 2008.02.10 -
BitDefender 7.2 2008.02.10 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.10 -
DrWeb 4.44.0.09170 2008.02.10 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.10 -
FileAdvisor 1 2008.02.10 -
Fortinet 3.14.0.0 2008.02.10 -
F-Prot 4.4.2.54 2008.02.10 HTML/IFrameBoF.F
F-Secure 6.70.13260.0 2008.02.10 HTML/IFrameBoF.F
Ikarus T3.1.1.20 2008.02.10 -
Kaspersky 7.0.0.125 2008.02.10 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.10 Exploit:Win32/Senglot.J
NOD32v2 2862 2008.02.10 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.10 -
Prevx1 V2 2008.02.10 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.10 Mal/JSShell-A
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.10 -
TheHacker 6.2.9.215 2008.02.09 -
VBA32 3.12.6.0 2008.02.10 -
VirusBuster 4.3.26:9 2008.02.10 -
Webwasher-Gateway 6.6.2 2008.02.10 Script.Shellcode.Gen
附加信息
File size: 2073 bytes
MD5: c164b1afd812982f4fadba671c7cab5e
SHA1: fd3b0824d2b1d11dd045a13d0e440c19450e9df1
PEiD: -

文件 htm.rar 接收于 2008.02.10 23:32:32 (CET)
结果: 3/32 (9.38%)
  
ht tp://www.virustotal.com/zh-cn/analisis/ab65b8b22f762f0f11ced1a9f8e062ef
反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.10 JS/Dldr.Wuxin.7371
Authentium 4.93.8 2008.02.10 -
Avast 4.7.1098.0 2008.02.10 -
AVG 7.5.0.516 2008.02.10 JS/Psyme.PZ
BitDefender 7.2 2008.02.10 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.10 -
DrWeb 4.44.0.09170 2008.02.10 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.10 -
FileAdvisor 1 2008.02.10 -
Fortinet 3.14.0.0 2008.02.10 -
F-Prot 4.4.2.54 2008.02.10 -
F-Secure 6.70.13260.0 2008.02.10 -
Ikarus T3.1.1.20 2008.02.10 -
Kaspersky 7.0.0.125 2008.02.10 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.10 -
NOD32v2 2862 2008.02.10 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.10 -
Prevx1 V2 2008.02.10 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.10 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.10 -
TheHacker 6.2.9.215 2008.02.09 -
VBA32 3.12.6.0 2008.02.10 -
VirusBuster 4.3.26:9 2008.02.10 -
Webwasher-Gateway 6.6.2 2008.02.10 Script.Dldr.Wuxin.7371
附加信息
File size: 2434 bytes
MD5: e56c398514cafb9220dc6155d32d1a8e
SHA1: 86f3c57d9cfe42d90b23d38558648a02acad56a1
PEiD: -

文件 htm1.rar 接收于 2008.02.10 23:42:59 (CET)
ht tp://www.virustotal.com/zh-cn/analisis/ee0c10d52d2a156a3aad61dac0af07ef
结果: 3/32 (9.38%)


反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.10 JS/Dldr.Wuxin.7371
Authentium 4.93.8 2008.02.10 -
Avast 4.7.1098.0 2008.02.10 -
AVG 7.5.0.516 2008.02.10 JS/Psyme.PZ
BitDefender 7.2 2008.02.10 -
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.10 -
DrWeb 4.44.0.09170 2008.02.10 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.10 -
FileAdvisor 1 2008.02.10 -
Fortinet 3.14.0.0 2008.02.10 -
F-Prot 4.4.2.54 2008.02.10 -
F-Secure 6.70.13260.0 2008.02.10 -
Ikarus T3.1.1.20 2008.02.10 -
Kaspersky 7.0.0.125 2008.02.10 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.10 -
NOD32v2 2862 2008.02.10 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.10 -
Prevx1 V2 2008.02.10 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.10 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.10 -
TheHacker 6.2.9.215 2008.02.09 -
VBA32 3.12.6.0 2008.02.10 -
VirusBuster 4.3.26:9 2008.02.10 -
Webwasher-Gateway 6.6.2 2008.02.10 Script.Dldr.Wuxin.7371
附加信息
File size: 2434 bytes
MD5: 2d0605f53c107849295e67e887525ff9
SHA1: b5fbef06d240c701da599ab8ecdf5cc9db9bb099
PEiD: -


文件 Pps.rar 接收于 2008.02.10 23:54:11 (CET)
ht tp://www.virustotal.com/zh-cn/analisis/2420f262c8e6b047fe27c7b2ded679ab
结果: 8/32 (25%)

反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2008.2.6.10 2008.02.05 -
AntiVir 7.6.0.62 2008.02.10 HTML/Shellcode.Gen
Authentium 4.93.8 2008.02.10 -
Avast 4.7.1098.0 2008.02.10 -
AVG 7.5.0.516 2008.02.10 Exploit
BitDefender 7.2 2008.02.10 Exploit.HTML.Agent.X
CAT-QuickHeal None 2008.02.08 -
ClamAV 0.92 2008.02.10 -
DrWeb 4.44.0.09170 2008.02.10 -
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5522 2008.02.08 -
Ewido 4.0 2008.02.10 Not-A-Virus.Exploit.HTML.IframeBof.d
FileAdvisor 1 2008.02.10 -
Fortinet 3.14.0.0 2008.02.10 -
F-Prot 4.4.2.54 2008.02.10 HTML/IFrameBoF
F-Secure 6.70.13260.0 2008.02.10 HTML/IFrameBoF
Ikarus T3.1.1.20 2008.02.10 -
Kaspersky 7.0.0.125 2008.02.10 -
McAfee 5226 2008.02.08 -
Microsoft 1.3204 2008.02.10 -
NOD32v2 2862 2008.02.10 -
Norman 5.80.02 2008.02.08 -
Panda 9.0.0.4 2008.02.10 -
Prevx1 V2 2008.02.10 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.10 Mal/JSShell-A
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.10 -
TheHacker 6.2.9.215 2008.02.09 -
VBA32 3.12.6.0 2008.02.10 -
VirusBuster 4.3.26:9 2008.02.10 -
Webwasher-Gateway 6.6.2 2008.02.10 Script.Shellcode.Gen
附加信息
File size: 2077 bytes
MD5: 1aaaa1c4ebd0b12347ae823266bbdf89
SHA1: 3b3acb5a5cd0b37fca36b762638c67846bdb010f
PEiD: -

Graybird

Starting the file scan:

Begin scan in 'E:\virus\Bfyy.rar'
E:\virus\Bfyy.rar
  [0] Archive type: RAR
  --> Bfyy[1].gif
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
      [INFO]      The file was deleted!
Begin scan in 'E:\virus\htm.rar'
E:\virus\htm.rar
  [0] Archive type: RAR
  --> htm[1].htm
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Wuxin.7371
      [INFO]      The file was deleted!
Begin scan in 'E:\virus\htm1.rar'
E:\virus\htm1.rar
  [0] Archive type: RAR
  --> htm[2].htm
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Wuxin.7371
      [INFO]      The file was deleted!
Begin scan in 'E:\virus\Pps.rar'
E:\virus\Pps.rar
  [0] Archive type: RAR
  --> Pps[1].gif
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
      [INFO]      The file was deleted!

流清泉

楼主的名字让我想起了过去的金山论坛。

Palkia

C:\Documents and Settings\Administrator\桌面\Bfyy.rar>>Bfyy[1].gif        JS.Decoder.t        病毒        还未处理
C:\Documents and Settings\Administrator\桌面\htm.rar>>htm[1].htm        JS.WindowObject.Exploit.a        可疑程序        还未处理
C:\Documents and Settings\Administrator\桌面\htm1.rar>>htm[2].htm        JS.WindowObject.Exploit.a        可疑程序        还未处理
C:\Documents and Settings\Administrator\桌面\Pps.rar>>Pps[1].gif        JS.Decoder.t        病毒        还未处理

挪威的冬天

金山一贯性的对网页代码白痴 ....

systthird

麻烦楼主把毒网发出来 怎么没有别的exe运行，马桶就直接改tcpip.sys呢

Oceanzd

过不了卡巴主防

冷冷

原帖由 systthird 于 2008-2-11 11:27 发表
麻烦楼主把毒网发出来 怎么没有别的exe运行，马桶就直接改tcpip.sys呢

马桶是什么来着

hj5abc

maxthon ..

Joker

The requested object is INFECTED. The following viruses Exploit.JS.Agent.fw were found
The requested object is INFECTED. The following viruses Trojan-Downloader.JS.Multi.b were found
The requested object is INFECTED. The following viruses Trojan-Downloader.JS.Multi.b were found
The requested object is INFECTED. The following viruses Exploit.JS.Agent.fx were found