再度召唤HUNTERS

qianwenxiang

Log is generated by FreShow.
[wide]http://xxx.llsj123.com/xxx.htm
    [script]http://xxx.llsj123.com/wm/rl.js
        [object]http://iii.u668u.com/admin.exe
    [frame]http://xxx.llsj123.com/wm/ad.htm
        [script]http://ppp.u668u.com/wm/111.js
            [object]http://iii.u668u.com/sta.exe
        [script]http://ppp.u668u.com/wm/bb.js
            [object]http://iii.u668u.com/admin.exe
        [script]http://ppp.u668u.com/wm/ppp.js
            [object]http://iii.u668u.com/admin.exe
        [script]http://ppp.u668u.com/wm/lz.js
            [object]http://iii.u668u.com/admin.exe

受不了了。。如果还有谁有兴趣的话可以解一下下面这些，以下链接均来自http://www.jkpk1000.com/url.txt

http://pop.imsee.cc/dl10.htm
http://ppp.imsee.info/x39.htm
http://ppp.chsip.net/xxx.htm
http://ccc.sqmnoopt.com/ro
http://xxx.llsj123.com/xxx.htm
http://ppp.imsee.info/x10.htm
http://union.525j.com.cn/cf
http://s101-cnzz.com/stat.htm
http://www.2033cn.com/wm/162.htm
http://xxx.wofala.info/117.htm
http://xxx.wofala.info/109.htm
http://08666.service-google.cn/vip/Cn8085.htm
http://1.100190.com/g3.htm
http://ppp.chsip.net/wm.htm
http://pagead2.googlesynidication.com/cq.htm
http://aaa.fenliu002.info/109.htm
http://xxx.haoqq1680.com/vip013.htm
http://aaa.fenliu002.info/117.htm
http://ppp.buyaoni.com/ww/new176.htm
http://ppp.chsip.net/wm.htm
http://ppp.buyaoni.com/ww/new05.htm
http://xxx.huilaiba.info/117.htm
http://www.10wip.com/yahoo/index.htm
http://www.16272.net/u102.html
http://www.59.vc/page/add_482545.htm
http://xxx.haoqq1680.com/zllll.htm
http://jiezibang.5d6d.com/bbs.php
http://niu.xinniankl.com/web/88687111.htm
http://user1.3332210.net
http://08621.service-google.cn/down/o2092.htm
http://xxx.sbwip.cn/index000.htm
http://1.100190.com/s2.htm
http://xxx.aomiba.com/index777.htm
http://xxx.aomiba.com/index000.htm
http://yun.yun878.com/web/6677640.htm
http://www.llsging.cn/www/lj2.htm
http://www.dajia789.com/1/index.htm
http://www.dajia789.com/13/index.htm
http://xxx.phppp.us/117.htm
http://ppp.749571.com/ww/new280.htm
http://service-google.cn/vip/Cn8085.htm
http://count23.51yes.biz/ee.htm
http://www.llsging.cn/www/lj7.htm
http://www.gogo52o.com/my/newb.htm
http://www.uhbaidu.com/photo/jin.htm
http://yun.yun878.com/web/6655996.htm
http://ppp.749571.com/ww/new177.htm
http://iii.wzxyq.com/root/sanguo22.htm
http://www1.bkyes.com/web
http://3.kv8.info/0000
http://www.dajia789.com/5/index.htm
http://ad.jopenqb.com/3808zz.htm
http://www.icz66.com/cj.html
http://www.icz66.com/xs.html
http://www.jopenqb.com
http://w.hcden.com
http://ooo.wzxyq.com
http://ppp.749571.com/ww/new05.htm
http://iii.wzxyq.com/root/517sese.htm
http://1.100190.com/1.htm
http://2.xks08.com/1.htm?7
http://www.59.vc/page/add_5454545.htm
http://2.lafan8.com/15.htm
http://w.hcden.com/mian.htm
http://www.99391.net/u102.html
http://www.51yes1.com/b/24.html
http://count24.51yes.biz/3808lj.htm
http://yun.yun878.com/web/6659386.htm
http://pr.749571.com/ww/new264.htm
http://pr.749571.com/ww/new280.htm
http://pr.749571.com/ww/new301.htm
http://down.malasc.cn/down/f8923.htm
http://count23.51yes.ws/root/sanguo22.htm
http://www.51yes1.com/b/15.html
http://www.ymybs.com/b/15.html
http://www.99391.net/u69.html
http://haha.haha1516.com/web/6659386.htm
http://aaa.77xxmm.cn/new877.htm
http://count23.51yes.ws/root/yese.htm
http://w.7ong.com/mian.htm
http://down.malasc.cn/down/o2092.htm
http://da.hhai01.com/good.htm
http://xxx.aishengho.com/24.htm
http://count23.51yes.ws
http://aa.531jx.cn/aa/4.htm
http://da.hhai01.com/3808.htm
http://count23.51yes.ws/root/huhu.htm
http://a5.llsging.com/ww/new119.htm
http://www.99fj.net
http://www.dd885.com/
http://www.654.cn
http://www.hao8899.com
http://203.81.29.121
http://www.900p8d.info
http://www.lawres.com
http://www.tohk.cn
http://aaa.77xxmm.cn
http://www.blog5460.com.cn
http://xx.522love.cn
http://x.bao01.com
http://user2.33391.net
http://www.99391.net
http://www.w3c-org.com
http://k.lonoso.com
http://aa.531jx.cn/8.htm?008
http://aa.llsging.com
http://a1.llsging.com
http://www.balldu.com
http://dfs.jfkdlirjnfirpocr.com
http://www.3ehaolihai.cn/down.htm?607
http://aaa.520ping.com
http://58.211.79.107
http://eee.jopenqc.com
http://www.00ki.cn
http://aa.18dd.net
http://www.qq737.cn
http://xxx.aishengho.com/17.htm
http://www.99391.net/u03.html?008
http://vip.my.qq.com.qqcvc.cn
http://61.152.169.246
http://60.190.222.235
http://sdo.969111.com
http://www.969111.com
http://news.hook163.com
http://www.59800.net
http://www.00110.net
http://www.puma166.com
http://www.dainc.cn
http://219.129.239.191
http://60.169.1.211
http://xxx.745970.com
http://xxx.18dmm.com

[ 本帖最后由 qianwenxiang 于 2008-3-3 18:32 编辑 ]

Palkia

瑞星病毒查杀结果报告

清除病毒种类列表：
病毒： Trojan.DL.Win32.Direct.me

MAC 地址：00:17:31:40:A3:57

用户来源：局域网

软件版本：20.34.01

hahacomcn

Begin scan in 'C:\Documents and Settings\haha\桌面\Data03.rar'
C:\Documents and Settings\haha\桌面\Data03.rar
  [0] Archive type: RAR
    --> admin.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
    --> sta.exe
      --> Object
        [2] Archive type: RSRC
        --> Object
            [DETECTION] Is the Trojan horse TR/Dldr.Delf.epw.1
      [INFO]      A backup was created as '483fd67d.qua'  ( QUARANTINE )


End of the scan: 2008年3月3日  18:42
Used time: 00:02 min

The scan has been done completely.

      0 Scanning directories
      3 Files were scanned
      2 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      1 Files not concerned
      1 Archives were scanned
      0 Warnings
      0 Notes

daps

sep飘

qigang

好多恶意网站，一个个解过来，那不累死啊！

tanlimo

这个太吓人了，先看看吧




Log is generated by FreShow.
[wide]http://pop.imsee.cc/dl10.htm
    [frame]http://pop.imsee.cc/news.html
        [script]http://xxx.ckabc.net/ms06014.js
            [object]http://user1.1a2b3c0.net/bak.css
        [frame]http://xxx.ckabc.net/GLWORLD.html
        [frame]http://xxx.ckabc.net/StormII.html
        [script]http://xxx.ckabc.net/real.js
        [frame]http://xxx.ckabc.net/Thunder.html



[wide]http://ppp.imsee.info/x39.htm
    [frame]http://ppp.imsee.info/news.html
        [frame]http://ppp.imsee.info/*
        [script]http://xx.ckabc.net/Ajax.gif
            [object]http://xxx.ayehao.com/0.exe
        [frame]http://xx.ckabc.net/Ms06014.htm
            [object]http://xxx.ayehao.com/0.exe
        [script]http://xx.ckabc.net/Real.js
            [object]http://xxx.ayehao.com/0.exe
        [script]http://xx.ckabc.net/Bfyy.gif
        [script]http://xx.ckabc.net/XunLei.gif
        [script]http://xx.ckabc.net/Lz.gif
        [frame]http://xx.ckabc.net/QVod.html


[wide]http://ppp.chsip.net/xxx.htm
    [script]http://ddd.u668u.com/wm/rl.js
        [object]http://iii.u668u.com/admin.exe
    [frame]http://ddd.u668u.com/wm/ad.htm
        [frame]http://ddd.u668u.com/wm/*
        [script]http://ppp.u668u.com/wm/111.js
            [object]http://iii.u668u.com/sta.exe
        [script]http://ppp.u668u.com/wm/bb.js
        [script]http://ppp.u668u.com/wm/ppp.js
            [object]http://iii.u668u.com/admin.exe
        [script]http://ppp.u668u.com/wm/lz.js

算了，不玩了

[ 本帖最后由 tanlimo 于 2008-3-3 20:14 编辑 ]

beyondcloud

nod32 飘

wangjay1980

k

qigang

瑞星病毒查杀结果报告

清除病毒种类列表：

病毒： Trojan.DL.Win32.Direct.me

MAC 地址：00:11:5B:F3:6D:69

用户来源：互联网

软件版本：20.34.02

taiw_1144

木马名称:Trojan-Downloader.Win32.Delf.jab

程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~56.TMP
是木马程序!
已成功阻止其运行,是否要删除此文件?

发现未知木马，是否删除？
程序:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\DATA03\ADMIN.EXE
木马程序生成以下文件:
1) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~28.TMP
是否删除木马程序及其衍生物?