PCHOME被挂马了

显示全部楼层 · 发表于 2008-2-12 07:19:50

费尔报了5个毒

hxxp://hardware.pchome.net/

显示全部楼层 · 发表于 2008-2-12 07:21:12

Starting the file scan:

Begin scan in 'E:\virus\pchome.rar'
E:\virus\pchome.rar
  [0] Archive type: RAR
  --> CAQBWH69.gif
   [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Xunlei
  --> xl[1].gif
   [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Xunlei
  --> addr[1].js
   [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Agent.1746
   [WARNING] The file was ignored!

The file 'ms[1].gif' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

[ 本帖最后由 Graybird 于 2008-2-12 07:22 编辑 ]

显示全部楼层 · 发表于 2008-2-12 07:21:21

只有4个文件
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\pchome.rar'
C:\Documents and Settings\Administrator\My Documents\
  pchome.rar
  pchome.rar:Zone.Identifier
[0] Archive type: RAR
--> CAQBWH69.gif
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Xunlei
      [WARNING] Infected files in archives cannot be repaired!
--> ms[1].gif
--> xl[1].gif
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Xunlei
      [WARNING] Infected files in archives cannot be repaired!
--> addr[1].js
      [DETECTION] Contains detection pattern of the Java script virus JS/Dldr.Agent.1746
      [WARNING] Infected files in archives cannot be repaired!
      [WARNING] The file was ignored!

End of the scan: 2008年2月11日  15:21
Used time: 00:03 min

The scan has been done completely.

   0 Scanning directories
   6 Files were scanned
   3 viruses and/or unwanted programs were found
   0 Files were classified as suspicious:
   0 files were deleted
   0 files were repaired
   0 files were moved to quarantine
   0 files were renamed
   0 Files cannot be scanned
   3 Files not concerned
   1 Archives were scanned
   4 Warnings
   0 Notes

显示全部楼层 · 发表于 2008-2-12 07:40:57

没错是4个文件，费尔报了5次

文件 pchome.rar 接收于 2008.02.12 00:26:44 (CET)反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 JS/Dldr.Xunlei
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 Exploit
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 Trojan-Downloader.JS.Agent.ha
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.11 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 Script.Dldr.Xunlei

附加信息
File size: 8083 bytes
MD5: 371fda47fc56c42e04396d9c25ee4f32
SHA1: a00adca46c2244e20b4220d5f67577ae459117c8
PEiD: -
packers: JSPack

显示全部楼层 · 发表于 2008-2-12 08:59:53

....最近这是咋了

显示全部楼层 · 发表于 2008-2-12 09:01:45

avast 全飘

显示全部楼层 · 发表于 2008-2-12 09:50:14

费尔越来越像红伞

中国的红伞，呵呵

显示全部楼层 · 发表于 2008-2-12 11:07:48

xunlei都被黑名单了……

显示全部楼层 · 发表于 2008-2-12 11:15:21

C:\Documents and Settings\Administrator\桌面\pchome.rar>>addr[1].js JS.Decoder.v 病毒还未处理
C:\Documents and Settings\Administrator\桌面\pchome.rar>>CAQBWH69.gif JS.Decoder.n 病毒还未处理
C:\Documents and Settings\Administrator\桌面\pchome.rar>>ms[1].gif JS.Decoder.n 病毒还未处理
C:\Documents and Settings\Administrator\桌面\pchome.rar>>xl[1].gif JS.Decoder.n 病毒还未处理

显示全部楼层 · 发表于 2008-2-12 14:02:01

利用real溢出漏洞的，绅博那边有人用卡巴主防防住了

[病毒样本] PCHOME被挂马了

本帖子中包含更多资源

回复 8楼傻猪猪米走鸡的帖子

[病毒样本] PCHOME被挂马了

本帖子中包含更多资源

回复 8楼 傻猪猪米走鸡 的帖子

回复 8楼傻猪猪米走鸡的帖子